This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Having problem with decoding Http Get request

0

Hi All,

I am facing an issue with customer network wherein when i request an HTTP/GET request it is going as a data payload in the TCP request to the server. due to this I am unable to do http based enhancements to the URL. The PSH, ACK flag is set and when I follow the TCP request i see it as a proper GET request

GET / HTTP/1.1 Connection: Keep-Alive Host: x.x.x.x:8180

The communication with server is also happening fine.

Whereas for another URL with the same process I m seeing a proper Http/Get request.

I m not able to understand what is this issue pertaining to. Is it an issue with the sending application settings? How do i resolve this

asked 06 Sep '13, 01:18

Vinay%20Pagadal's gravatar image

Vinay Pagadal
11113
accept rate: 0%

One Answer:

2

GET / HTTP/1.1 Connection: Keep-Alive Host: x.x.x.x:8180

The reason why you don't see the HTTP REQUEST in Wireshark is the port. Wireshark 'detects' HTTP mainly on the port and the standard ports for HTTP do not include port 8180.

There are two options.

  1. Right click one of the packets and choose: Decode As -> HTTP
  2. Edit -> Preferences -> Protocols -> HTTP -> TCP Ports: [add port 8180 to this list]

After that, you will see the conversation as HTTP and you should be able to use these display filters:

http.request or http.response

Regards
Kurt

answered 09 Sep '13, 09:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Oh so there is no problem with my client or server sending the request...its just that wireshark is unable to decode it as an Http request due to a non standard TCP port number.

Thanks a lot for your help Kurt :)

(11 Sep '13, 00:23) Vinay Pagadal