Trying to do the http-chunked-gzip.pcap testfile on Wireshark 2.0.2, but the assembly appears not to be working. Maybe I am doing something wrong? I compiled WS 2.0.1 and that shows up the combined chunks and I am able to view the uncompressed data. Hope someone can point me in the right direction.
[Update 2016-03-24] I tried the Windows version and it does work on it with version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0). Kali Linux reports 2.0.2 (SVN Rev Unknown from unknown) but the package is 2.0.2+ga16e22e-1 (which is the latest). Downloaded the source and compiled, but with the same (not working) results.
asked 23 Mar '16, 09:29 marioh edited 25 Mar '16, 07:29 grahamb ♦
One Answer:
In fact this bug was already fixed a few days ago as seen here. You simply need to update your source tree or apply the patch locally.
Admin edit: the earlier report of this issue was bug 12238
answered 25 Mar '16, 09:28 Pascal Quantin edited 25 Mar '16, 09:48 grahamb ♦
could you please paste the output of 'wireshark -v'?
Sure: Wireshark 2.0.2 (SVN Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with Qt 5.3.2, with libpcap, with POSIX capabilities (Linux), with libnl 3, with libz 1.2.8, with GLib 2.46.2, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS 3.3.8, with Gcrypt 1.6.3, with MIT Kerberos, with GeoIP, with QtMultimedia, without AirPcap.
Running on Linux 4.4.0-kali1-686-pae, with locale C, with libpcap version 1.7.4, with libz 1.2.8, with GnuTLS 3.3.20, with Gcrypt 1.6.5.
Built using gcc 5.3.1 20160224.
OK, wanted to confirm that you were compiling with zlib. Maybe you have some different tcp/http settings between Linux and Windows?
Hi. As far as I can tell the problem is not so much the decompressing, but that Wireshark refuses to "de-chunk" the data. The exact same setup / OS, compiling from source version 2.0.1 will work flawlessly.
Wireshark 2.0.1 (SVN Rev Unknown from unknown)
Copyright 1998-2015 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 3.18.9, with Cairo 1.14.6, with Pango 1.38.1, with libpcap, without POSIX capabilities, without libnl, with libz 1.2.8, with GLib 2.46.2, without SMI, without c-ares, without ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap.
Running on Linux 4.4.0-kali1-686-pae, with locale en_US.UTF-8, with libpcap version 1.7.4, with libz 1.2.8.
Built using gcc 5.3.1 20160307.
I'll change the question title.
OK. Could you please file a bug on https://bugs.wireshark.org ?
OK. Done. Hope it can be fixed. Thanks for your support.
Admin edit: Bug 12290
yes, it can be fixed, don't worry :)