Wireshark-users: Re: [Wireshark-users] Wireshark doesn't think this is an HTTP packet
On Tue, Apr 15, 2008 at 05:29:55PM +0100, DePriest, Jason R. wrote:
This end-user has an application that is trying to update itself. The
app is called LaserApp and both Wireshark and our proxy servers think
this is a Bad Request.
I have attached three packets from a capture that are HTTP requests
that Wireshark doesn't think are HTTP requests.
Here is a sample.
0000 00 e0 81 47 0d 0a 00 01 64 f9 1a 01 08 00 45 00 ...G....d.....E.
0010 00 fb 2a ad 40 00 7d 06 5e 24 ac 1c b9 c4 0a 46 ..*.@.}.^$.....F
0020 04 05 0e 28 1f 90 0f 51 d4 da 37 f6 b6 e2 50 18 ...(...Q..7...P.
0030 ff ff 91 84 00 00 43 4f 4e 4e 45 43 54 20 77 77 ......CONNECT ww
0040 77 2e 6c 61 73 65 72 61 70 70 2e 63 6f 6d 3a 34 w.laserapp.com:4
0050 34 33 20 48 54 54 50 2f 31 2e 30 0d 0a 43 6f 6e 43 HTTP/1.0..Con
0060 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 31 35 tent-Length: 615
0070 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 ..Pragma: no-cac
0080 68 65 0d 0a 50 72 6f 78 79 2d 43 6f 6e 6e 65 63 he..Proxy-Connec
0090 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 tion: keep-alive
00a0 0d 0a 48 6f 73 74 3a 20 77 77 77 2e 6c 61 73 65 ..Host: www.lase
00b0 72 61 70 70 2e 63 6f 6d 3a 34 34 33 0d 0a 41 63 rapp.com:443..
Also, since this connection is going through a proxy and the SSL setup
is being handled via the CONNECT message, is it possible that the app is
not proxy aware?
--
Thanks,
Hansang
