On Mon, May 29, 2006 at 12:37:41PM +0200, Pierre-Yves LE BIHAN wrote:
>
> I've analysed traffic between a W200 workstation and a W2K3 server;
> I find frames with this information "continuation or non-http traffic".
That means ethereal sees packets on tcp port 80 which don't contain
an http header. This is quite common, since many http-objects are
larger than 1 tcp packet. Hence the comment "Continuation". You can
probably see an http-packet before those "continuations".
It also means you have some re-assembly settings turned off. Either
the "reassemble http headers" and "reassemble http bodies" options
are turned off in the http protocol preferences and/or the "allow
subdissector to reassemble tcp streams" option is turned off in the
tcp protocol preferences.
If they were all turned on, you would have seen "tcp segment of a
reassembled PDU" frames, ending in a http frame, containing the
whole http-request or http-response.
Hope this helps, Cheers,
Sake
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
