On 6/5/07, Stephen Fisher <[EMAIL PROTECTED]> wrote:
> On Fri, Jun 01, 2007 at 04:20:04PM +1200, Rohit Grover wrote:
>
> > Incidentally, upon viewing a simple HTTP dialogue using wireshark, I
> > noticed that the server's first HTTP response datagram wasn't tagged
> > by wireshark as HTTP. I'm quite sure I'm missing something because
> > something of this sort can't go un-noticed if it is a bug.
>
> Was the HTTP traffic on a standard HTTP port/proxy port? Wireshark by
> default recognizes traffic on TCP ports 80, 3128, 3132, 8080, 8088,
> 11371, 3689 as some form of HTTP. It also recognizes SSDP over HTTP on
> TCP and UDP ports 1900. There is a preference option to add one more
> port to the list of recognized ports if you need.

I discovered that the problem had to do with packet reassembly. Upon
turning off the option which permits sub-dissectors to reassemble
packets, HTTP responses spanning multiple packets were correctly
identified.

regards,
Rohit.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users