Hi, I have a strange issue that I hope someone can help me with. I am trying to alleviate network issues for my app. I have 2 traces going, one client side and 1 monitoring firewall and server side. I see the packet in the client side but not in the server side. I decided to check the binary file and there is an entry on the server side for this packet, as it has a unique HTTP cookie. The only problem I have is that I cannot see it in the GUI, which means I cannot see the conversation and see if any errors are related to that particular stream. Any help on why this happens would be greatly appreciated.

Mick

asked 18 Apr '11, 20:40 mmmchippy
One Answer:
Please try the following. Go to the protocol preferences of TCP and then disable "Allow subdissector to reassemble TCP streams". When doing that, the HTTP dissector will not try to reassemble all data into a full HTTP request and response. There can be several causes for the HTTP dissector to fail reassembling and thus showing only "[TCP segment of a reassembled PDU]" packets. Disabling the reassembly will make Wireshark dissect all TCP packets on its own.

answered 18 Apr '11, 23:49 SYN-bit ♦♦
If you can see it in the binary pcap file, there should be a packet in the GUI with the corresponding content, not necessarily an HTTP packet though. What happens if you filter with "frame contains" and the pattern?
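
As an added example (not part of the original posts, and not Wireshark code): a small Python script that performs the byte search behind the "frame contains" suggestion directly on a classic pcap file and reports the record number, which is the value Wireshark shows as `frame.number`. It assumes the classic pcap format rather than pcapng; the function names, the cookie value and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap magic numbers mapped to the byte order of the file's headers.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def frames_containing(pcap_bytes, pattern):
    """Return [(frame_number, offset_in_frame)] for records whose captured bytes contain pattern."""
    endian = MAGICS.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    hits, pos, frame_no = [], 24, 0  # records start after the 24-byte global header
    while pos + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", pcap_bytes, pos)
        pos += 16
        data = pcap_bytes[pos:pos + incl_len]
        if len(data) < incl_len:
            break  # truncated final record, stop cleanly
        frame_no += 1  # numbered from 1 in file order, like frame.number
        idx = data.find(pattern)
        if idx != -1:
            hits.append((frame_no, idx))
        pos += incl_len
    return hits

def build_sample_pcap(payloads):
    """Constructed sample: little-endian pcap whose records hold bare payload bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, payload in enumerate(payloads):
        out += struct.pack("<IIII", 1303155600 + i, 0, len(payload), len(payload)) + payload
    return out

# Constructed capture: only the second record carries the (made-up) cookie.
SAMPLE = build_sample_pcap([
    b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
    b"POST /login HTTP/1.1\r\nCookie: SESSIONID=constructed123\r\n\r\n",
    b"HTTP/1.1 200 OK\r\n\r\n",
])

if __name__ == "__main__":
    for frame_no, off in frames_containing(SAMPLE, b"SESSIONID=constructed123"):
        print(f"frame.number == {frame_no}  (pattern at byte {off} of the frame)")
```

The reported number can be entered as the display filter `frame.number == N` to jump to that packet in the GUI, whatever protocol it ends up dissected as.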