Hi,

I am searching for a specific XML data string and the pointer finds the specific packet number. Then I right-click "Follow TCP Stream" and don't find it (I am not talking about while it is written in "white"). Then I look at the TCP data segment window below, and find it!

My question is: why are parts of the XML written in the Follow TCP Stream window and some are not (and are only available in the TCP data segment window)?

BR, Yuval Sivan.

asked 30 May '11, 03:13 yuvalsivan
2 Answers:
Could it be that the XML object was compressed when it was sent over HTTP? The HTTP dissector is able to decompress the object, while "Follow TCP Stream" does just that: it shows you the raw data sent over TCP.

answered 01 Jun '11, 23:23 SYN-bit
Sadly, Wireshark's capabilities are quite limited when working with TCP streams, especially those that are compressed. You can decompress the stream using tcpflow, however.

answered 01 May '13, 11:25 bhh