I'm using wireshark to sniff HTTPs packets.
In some cases, HTTPs response was not reassembled by wireshark.
I give all ssl session keys to wireshark, so keys doesn't cause the problem.
When I followed SSL stream, I got the result below.
GET /api/webimage/5357a5d5090b5553a9c78ed2-1-large.jpg HTTP/1.1
host: contestimg.wish.com
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; SM-N916S Build/MMB29K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.97 Mobile Safari/537.36
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 181501
Connection: keep-alive
Date: Wed, 29 Mar 2017 07:35:48 GMT
Cache-Control: max-age=1208728
ETag: "99df3c51782782beb9ef06ab89c911990521e3f6"
Server: TornadoServer/2.1git-cl
Timing-Allow-Origin: *
X-Cache: Miss from cloudfront
Via: 1.1 1787e729a1c3fb1d4583d4cb9052972b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QayZ8W4yd8fjBeGqcL1Fzzy1cVQATFyYabfxE5LkMUz7bN60DGq74A==
……JFIF………….C………………………………. … ……
…..
.
…C………..
…
Also, when I followed HTTP stream, I got the result below which shows only request.
GET /api/webimage/5357a5d5090b5553a9c78ed2-1-large.jpg HTTP/1.1
host: contestimg.wish.com
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Linux; Android 6.0.1; SM-N916S Build/MMB29K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.97 Mobile Safari/537.36
Actually, this was an image request, and I got the image and saw in a mobile.
In addition, all TLSv1.2(HTTPs) packets related to this HTTP response seemed to be collected when I saw wireshark.
What should I do to solve this problem?
When wireshark’s HTTP dissector fails to reassemble HTTP request/response?
Is it possible that wireshark’s HTTP dissector fail although all packets related to HTTP request/response arrived?
Thank you
asked 29 Mar '17, 02:21
Hyunho
6●1●1●2
accept rate: 0%