This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

HTTP De-chunk not working on 2.0.2 Linux (was: Unable to view decompressed data)

0

Trying to do the http-chunked-gzip.pcap testfile on Wireshark 2.0.2, but the assembly appears not to be working. Maybe I am doing something wrong? I compiled WS 2.0.1 and that shows up the combined chunks and I am able to view the uncompressed data.

Hope someone can point me in the right direction.

[Update 2016-03-24] I tried the Windows version and it does work on it with version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0). Kali Linux reports 2.0.2 (SVN Rev Unknown from unknown) but the package is 2.0.2+ga16e22e-1 (which is the latest). Downloaded the source and compiled, but with the same (not working) results.

asked 23 Mar '16, 09:29

marioh's gravatar image

marioh
6113
accept rate: 0%

edited 25 Mar '16, 07:29

grahamb's gravatar image

grahamb ♦
19.8k330206

could you please paste the output of 'wireshark -v'?

(24 Mar '16, 11:42) Pascal Quantin

Sure: Wireshark 2.0.2 (SVN Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.3.2, with libpcap, with POSIX capabilities (Linux), with libnl 3, with libz 1.2.8, with GLib 2.46.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS 3.3.8, with Gcrypt 1.6.3, with MIT Kerberos, with GeoIP, with QtMultimedia, without AirPcap.

Running on Linux 4.4.0-kali1-686-pae, with locale C, with libpcap version 1.7.4, with libz 1.2.8, with GnuTLS 3.3.20, with Gcrypt 1.6.5.

Built using gcc 5.3.1 20160224.

(25 Mar '16, 01:09) marioh

OK, wanted to confirm that you were compiling with zlib. Maybe you have some different tcp/http settings between Linux and Windows?

(25 Mar '16, 07:14) Pascal Quantin

Hi. As far as I can tell the problem is not as much as not decompressing, but wireshark refuses to "de-chunck" the data. The exact same setup / OS, compiling from source version 2.0.1 will work flawlessly. ireshark 2.0.1 (SVN Rev Unknown from unknown)

Copyright 1998-2015 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 3.18.9, with Cairo 1.14.6, with Pango 1.38.1, with libpcap, without POSIX capabilities, without libnl, with libz 1.2.8, with GLib 2.46.2, without SMI, without c-ares, without ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 4.4.0-kali1-686-pae, with locale en_US.UTF-8, with libpcap version 1.7.4, with libz 1.2.8.

Built using gcc 5.3.1 20160307.

I'll change the question title.

(25 Mar '16, 07:24) marioh

OK. Could you please fill a bug on https://bugs.wireshark.org ?

(25 Mar '16, 08:23) Pascal Quantin

OK. Done. Hope it can be fixed. Thanks for your support.

Admin edit: Bug 12290

(25 Mar '16, 08:49) marioh

yes, it can be fixed, don't worry :)

(25 Mar '16, 08:59) Pascal Quantin
showing 5 of 7 show 2 more comments

One Answer:

0

In fact this bug was already fixed a few days ago as seen here. You simply need to update your source tree or apply the patch locally.

Admin edit, the earlier report of this issue was bug 12238

answered 25 Mar '16, 09:28

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

edited 25 Mar '16, 09:48

grahamb's gravatar image

grahamb ♦
19.8k330206