FS#32288 - [wireshark] fails to uncompres gzipped data streams
Attached to Project:
Arch Linux
Opened by georg (fordprefect) - Monday, 29 October 2012, 21:18 GMT
Last edited by Guillaume ALAUX (galaux) - Thursday, 08 November 2012, 00:39 GMT
Opened by georg (fordprefect) - Monday, 29 October 2012, 21:18 GMT
Last edited by Guillaume ALAUX (galaux) - Thursday, 08 November 2012, 00:39 GMT
|
Details
Description:
wireshark can follow streams and decode them, if they are gzipped. at least if compiled with the correct switch. this seems to be the case in [extra]. Additional info: wireshark-gtk 1.8.3-2 Steps to reproduce: preferences > protocols > http > uncompress entity bodies call http site, follow stream, try to read dada => fails |
This task depends upon
Closed by Guillaume ALAUX (galaux)
Thursday, 08 November 2012, 00:39 GMT
Reason for closing: Not a bug
Thursday, 08 November 2012, 00:39 GMT
Reason for closing: Not a bug
Please provide at least some log/output/crash report, and some more precise steps to reproduce and result than just "fails".
Some more gzipped examples in this page [1]
[0] http://betterexplained.com/examples/compressed/index.html
[1] http://betterexplained.com/articles/how-to-optimize-your-site-with-gzip-compression/
i aint sure if i understand you correctly, but i see this option too, and its not greyed out and also its enabled.
still, if i follow a tcp stream, wirashark does not automatically decompress the content.
if i search gnu on wikipedia, and follow the stream, i get [0], instead of decoded html package.
am i expecting something wrong, did i miss something? if so, please tell me.
thanks
georg
[0] http://pastebin.com/9ySk81JY
I cannot find any *official* page stating this. Just a request to implement it [0] and a blog showing this [1].
FYI you can see decompressed content on the intermediate pane of the main wireshark window.
[0] http://article.gmane.org/gmane.network.wireshark.devel/24448/
[1] http://software-security.sans.org/blog/2009/05/21/examine-http-compressed-gzip-content
now i also found, what you meant. i didnt notice too fast, that i needed to have a look at the last split package.
so, thanks for helping and sorry for the noise.
No worries !