Wireshark-bugs: [Wireshark-bugs] [Bug 3293] HTTP packet not recognized in some occasions
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3293
Chris Maynard <christopher.maynard@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
--- Comment #3 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2012-09-22 10:53:04 PDT ---
(In reply to comment #0)
> Depending on the content of the HTTP the packet might be not recognized.
>
> I use the wireshark on linux box and open/save packets into XML format (-T
> pdml) into a text file which is then analyzed. After some text parsing I
> noticed some packets were not shown correctly. opening it on Windows box with
> wireshark 1.0.4 showed the packet correctly but the XML format from linux box
> was not.
>
> Attachment traces_new.cap.zip contains the full traces in which is the packet
> in question. The packet 24 gets opened with 1.0.4 on windows box but when the
> same file I push through: tshark -V -r traces_athens.0.9.cap > traces.xml
>
> the file traces.xml doesn't contain the packet in question correctly dissected.
The file you attached was just a text file, not an xml file, because "tshark -V
-r traces_athens.0.9.cap > traces.xml" does not produce xml output, but simple
text output.
> Hint: search through for POST and you will find the first packet "POST" only
> inside the data part of the packet while the second packet (the previous
> encapsulated into the GTP) is dissected correctly.
>
> The behavior somehow looks like a bug 1958
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1958
>
> I am not sure if these traces help anything but though to report it anyway.
I'm not sure if you attached the correct trace files or not, but I regenerated
pdml output from your trace file and everything looks OK to me. Either there
was a bug that was fixed sometime between when this bug report was filed and
now or maybe you forgot to use "-T pdml", or I'm not sure what, but closing as
WORKSFORME. Feel free to reopen if you still experience a problem.
BTW, I tested using SVN 45053 on Windows 7 64-bit.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.