Wireshark · Wireshark-users: Re: [Wireshark-users] begginer question , how to decode this response

Wireshark-users: Re: [Wireshark-users] begginer question , how to decode this response

From: Sake Blok <sake@xxxxxxxxxx>

Date: Thu, 15 Jul 2010 16:34:17 +0200

On 15 jul 2010, at 14:21, Meir Yanovich wrote:

> \im monitoring some http request and getting response that is probbpli encoded and i like to decode the response
> how can i do this is wireshark?
> here is example when i make follow stream :
> [...]
> Content-Encoding: gzip

The data you see in the Follow TCP Stream output is RAW TCP data. In this case it's HTTP data, where the response is compressed by gzip. Wireshark is able to decompress the data for you. If reassembly is enabled in your preferences, you should be able to see the HTTP response unencrypted in the packet details. Unfortunately there is no functionality in Wireshark at this time to decompress data in the Follow TCP Stream output.

Cheers,

Sake

References:
- [Wireshark-users] begginer question , how to decode this response
  - From: Meir Yanovich

Prev by Date: [Wireshark-users] ssl.handshake and ring buffer capture
Next by Date: Re: [Wireshark-users] ssl.handshake and ring buffer capture
Previous by thread: [Wireshark-users] begginer question , how to decode this response
Next by thread: [Wireshark-users] ssl.handshake and ring buffer capture
Index(es):
- Date
- Thread