This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packet in Binary file but not showing in wireshark gui

0

Hi, i have a strange issue that i hope someone can help me with. I am trying to alleviate network issues for my app. i have 2 traces going one client side and 1 monitoring firewall and server side. I see the packet in the client side but not in the server side. i decided to check the binary file and there is an entry on the server side for this packet as it has a unique http cookie. the only problem i have is that i cannot see it in the gui which means i cannot see the conversation and see if any errors are relted to that particular stream.

Any help on why this happens would be greatly appreciated.

Mick

asked 18 Apr '11, 20:40

mmmchippy's gravatar image

mmmchippy
1111
accept rate: 0%

If you can see it in tyhe binary pcap file there should be a packet in the GUI with the corresponding content, not necessary a http packet though. What happens if you filter with "frame contains" and the pattern?

(18 Apr '11, 23:09) Anders ♦

One Answer:

0

Please try the following. Go to the protocol preferences of TCP and then disable "Allow subdissector to reassemble TCP streams". When doing that, the HTTP dissector will not try to reassemble all data into a full HTTP request and response. There can be several causes for the HTTP dissector to fail reassembling and thus showing only "[TCP segment of a reassembled PDU]" packets. Disabling the reassembly will make Wireshark dissect all TCP packets on it's own.

answered 18 Apr '11, 23:49

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%