Wireshark mailing list archives
Problem with XML Dissector
From: Alexandre Vieira <nullpt () gmail com>
Date: Wed, 13 Oct 2010 16:26:30 +0100
Hi list, I'm having trouble dissecting an HTTP POST that comes with "Content-encoded entity body (gzip)" from the client side. I'm using TShark 1.0.13 Compiled with GLib 2.4.1, with libpcap 1.1.1, with libz 1.2.3, without POSIX capabilities, with libpcre 8.2, without SMI, with ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos. Running on SunOS 5.10, with libpcap version 1.1.1. Built using gcc 3.4.3 (csl-sol210-3_4-branch+sol_rpath). All requests that are submited without gzip compression are dissected correctly. I'm using tshark like: $ /usr/local/bin/tshark -o tcp.check_checksum:false -r /tmp/mycap_test.cap -V -d tcp.port==10010,http The requests that are dissected correctly: Hypertext Transfer Protocol POST /App HTTP/1.1\r\n Request Method: POST Request URI: /App Request Version: HTTP/1.1 Content-Type: text/xml\r\n User-Agent: CLIENT1/3.0/1.0\r\n Authorization: Basic XXXXXXXXXXXXXXXXXXXX\r\n Credentials: xxxxxx:xxxxxx Content-Length: 561\r\n [Content length: 561] Cache-Control: no-cache\r\n Pragma: no-cache\r\n Host: 192.168.87.8:10010\r\n Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n Connection: keep-alive\r\n \r\n eXtensible Markup Language <?xml version="1.0" encoding="UTF-8" ?> (....................................................) The requests that don't work: Hypertext Transfer Protocol POST /App HTTP/1.1\r\n Request Method: POST Request URI: /App Request Version: HTTP/1.1 Content-Type: text/xml\r\n User-Agent: CLIENT2/3.0/1.0\r\n Authorization: Basic XXXXXXXXXXXXXXXXXXXX\r\n Credentials: xxxxxx:xxxxxx Content-Encoding: gzip\r\n Accept-Encoding: gzip\r\n Content-Length: 566\r\n [Content length: 566] Cache-Control: no-cache\r\n Pragma: no-cache\r\n Host: 192.168.87.8:10010\r\n Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\r\n Connection: keep-alive\r\n \r\n Content-encoded entity body (gzip): 566 bytes Data (566 bytes) 0000 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 <?xml version="1 0010 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 69 73 .0" encoding="is 0020 6f 2d 38 38 35 39 2d 31 22 3f 3e 3c 6d 65 74 68 o-8859-1"?><meth (.......................................) Anyone can shed a light on this? Thanks in advance! BR -- Alexandre Vieira - nullpt () gmail com
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Problem with XML Dissector Alexandre Vieira (Oct 13)