Hi all, I am new to using Wireshark. I captured network activity while loading a simple text-based webpage and selected the option "Follow TCP data". I can see the HTTP request and response in plain text, but the data part is completely scrambled. It is a simple HTTP request, so I expected the data part to be readable as well. Where am I going wrong? Please let me know.
asked 15 Dec '14, 11:27
The HTTP response is most certainly using compression, like the example below:
As "Follow TCP Stream" does not support HTTP decompression, you won't see the HTTP response in cleartext. We would need something like "Follow HTTP Stream", which does not yet exist.
You can look at the response in cleartext within the packet bytes pane and the packet details pane, as the HTTP dissector does decompression of the HTTP data.
answered 15 Dec '14, 12:07
Kurt Knochner ♦
edited 15 Dec '14, 12:11
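The decoding the answer describes can also be done outside Wireshark on the raw bytes of a single response taken from the stream. The following is an added example, not part of the original answer and not Wireshark code; the function names and the sample response are constructed for illustration, and it handles chunked transfer encoding as well as gzip and deflate content encoding.

```python
import gzip
import zlib

def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the CRLF that follows the chunk data

def decode_http_response(raw: bytes):
    """Return (status_line, headers, cleartext_body) for one raw HTTP response."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    elif "content-length" in headers:
        body = body[:int(headers["content-length"])]
    enc = headers.get("content-encoding", "identity").lower()
    if enc in ("gzip", "x-gzip"):
        body = gzip.decompress(body)
    elif enc == "deflate":
        try:
            body = zlib.decompress(body)  # zlib-wrapped deflate
        except zlib.error:
            body = zlib.decompress(body, -zlib.MAX_WBITS)  # raw deflate
    return lines[0], headers, body

# Constructed sample: gzip-compressed, chunked response as it appears on the wire.
_gz = gzip.compress(b"<html><body>Hello, plain text page</body></html>")
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
          + b"%x\r\n" % 10 + _gz[:10] + b"\r\n"
          + b"%x\r\n" % (len(_gz) - 10) + _gz[10:] + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    status, hdrs, text = decode_http_response(SAMPLE)
    print(status, hdrs["content-encoding"], text.decode())
```

The `Content-Encoding` header in the plain-text part of the followed stream shows which branch applies to a given capture.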