Wireshark-bugs: [Wireshark-bugs] [Bug 3293] HTTP packet not recognized in some occasions
Date: Sat, 22 Sep 2012 10:53:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3293

Chris Maynard <christopher.maynard@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME

--- Comment #3 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2012-09-22 10:53:04 PDT ---
(In reply to comment #0)
> Depending on the content of the HTTP the packet might be not recognized.
> 
> I use the wireshark on linux box and open/save packets into XML format (-T
> pdml) into a text file which is then analyzed. After some text parsing I
> noticed some packets were not shown correctly. opening it on Windows box with
> wireshark 1.0.4 showed the packet correctly but the XML format from linux box
> was not.
> 
> Attachment traces_new.cap.zip contains the full traces in which is the packet
> in question. The packet 24 gets opened with 1.0.4 on windows box but when the
> same file I push through: tshark -V -r traces_athens.0.9.cap > traces.xml
> 
> the file traces.xml doesn't contain the packet in question correctly dissected.

The file you attached was just a text file, not an xml file, because "tshark -V
-r traces_athens.0.9.cap > traces.xml" does not produce xml output, but simple
text output.

> Hint: search through for POST and you will find the first packet "POST" only
> inside the data part of the packet while the second packet (the previous
> encapsulated into the GTP) is dissected correctly.
> 
> The behavior somehow looks like a bug 1958
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1958
> 
> I am not sure if these traces help anything but though to report it anyway.

I'm not sure if you attached the correct trace files or not, but I regenerated
pdml output from your trace file and everything looks OK to me.  Either there
was a bug that was fixed sometime between when this bug report was filed and
now or maybe you forgot to use "-T pdml", or I'm not sure what, but closing as
WORKSFORME.  Feel free to reopen if you still experience a problem.

BTW, I tested using SVN 45053 on Windows 7 64-bit.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.