This is our old Q&A Site. Please post any new questions and answers at

Hi, i have a strange issue that i hope someone can help me with. I am trying to alleviate network issues for my app. i have 2 traces going one client side and 1 monitoring firewall and server side. I see the packet in the client side but not in the server side. i decided to check the binary file and there is an entry on the server side for this packet as it has a unique http cookie. the only problem i have is that i cannot see it in the gui which means i cannot see the conversation and see if any errors are relted to that particular stream.

Any help on why this happens would be greatly appreciated.


asked 18 Apr '11, 20:40

mmmchippy's gravatar image

accept rate: 0%

If you can see it in tyhe binary pcap file there should be a packet in the GUI with the corresponding content, not necessary a http packet though. What happens if you filter with "frame contains" and the pattern?

(18 Apr '11, 23:09) Anders ♦

Please try the following. Go to the protocol preferences of TCP and then disable "Allow subdissector to reassemble TCP streams". When doing that, the HTTP dissector will not try to reassemble all data into a full HTTP request and response. There can be several causes for the HTTP dissector to fail reassembling and thus showing only "[TCP segment of a reassembled PDU]" packets. Disabling the reassembly will make Wireshark dissect all TCP packets on it's own.

permanent link

answered 18 Apr '11, 23:49

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 18 Apr '11, 20:40

question was seen: 2,819 times

last updated: 18 Apr '11, 23:49

p​o​w​e​r​e​d by O​S​Q​A