Wireshark-users: [Wireshark-users] invisible http responses and multiple http responses
Hi,
I used tcpdump to capture YouTube packets, then I read the captured pcap file with Wireshark.
I noticed that some HTTP responses (like HTTP 200 OK) are invisible in Wireshark and they are inside the TCP segment of a reassembled PDU. I read the TCP data payload and noticed them. These segments follow directly after the corresponding HTTP request. I also tried to identify them through tcpshark but failed. So are there any ways to identify these invisible HTTP responses?
Besides, when I follow a TCP stream for an HTTP request-response, I noticed that near the end of the stream, there is usually an HTTP 200 OK response. Since there is already an HTTP 200 OK response as mentioned above, what is the HTTP 200 OK near the end of the stream? I tried to find the corresponding HTTP request by looking at the nearby packets that are before this HTTP 200 OK packet but I can't find one. Does this mean there are multiple HTTP responses?