WS cannot identify HTTP packets
What's wrong with attached packets? They look like part of HTTP POST request but WS doesn't show this https://drive.google.com/open?id=1TSu...
What's wrong with attached packets? They look like part of HTTP POST request but WS doesn't show this https://drive.google.com/open?id=1TSu...
That's HTTP on port 8080 and it decodes in my Wireshark installation. So, either your HTTP protocol settings don't have port 8080 or you're decoding port 8080 to something else.
So, either add 8080 to
Edit -> Preferences -> Protocols -> HTTP -> TCP port(s)
or add/delete a Decode as option for port 8080.
Right click a packet and choose **Decode as**
Regards
Kurt
unpacked http1.pcap.gz and opened http1.pcap in WS followed TCP stream (tcp.stream eq. 0) with right mouse click, menu selection and what I get is (no threats found with 360 total security) the following code: " POST /opt/in/RepProducedProduct_v3 HTTP/1.0 content-type: multipart/form-data; boundary=8480CD4A34728DC5929AA124D9FFA1FB0 content-length: 17273716 user-agent: SAP NetWeaver Application Server (1.0;752) host: 10.0.2.152:8080 accept: /
--8480CD4A34728DC5929AA124D9FFA1FB0 Content-Type: application/xml Content-Disposition: form-data; name="xml_file"; filename="test.xml"
<ns:documents xmlns:ns="http://fsrar.ru/WEGAIS/WB_DOC_SINGLE_01" xmlns:rpp="http://fsrar.ru/WEGAIS/RepProducedProduct_v3" xmlns:oref2="http://fsrar.ru/WEGAIS/ClientRef_v2" xmlns:ce3="http://fsrar.ru/WEGAIS/CommonV3" xmlns:pref2="http://fsrar.ru/WEGAIS/ProductRef_v2"> <ns:owner> <ns:fsrar_id>010060693343</ns:fsrar_id> </ns:owner> <ns:document> <ns:repproducedproduct_v3> <rpp:identity>0000000067</rpp:identity> <rpp:header> <rpp:type>OperProduction</rpp:type> <rpp:number>0000000067</rpp:number> <rpp:date>2019-02-16</rpp:date> <rpp:produceddate>2019-02-15</rpp ... (more)
follow up:
not sure why these entries are not shown: ... ... <ce3:amc>108400090979201018001OTBTSFSBPUXZHEEOR7S7D7Y77YDD6HZ7LEKK55FWQNIBBY57TZR5YUPJZCPXN7RIN2N6HDJLVP3OF56G3TEIOZKLGHKNQQA77NUD4NKOGGHRXP6DAOMBD6ZCZA3EM4PKQ</ce3:amc>
They look like part of HTTP POST request
and that's what you get, based on your first comment. Maybe I don't understand your problem. Can you please rephrase?
A screenshot could help as well.
Port 8080 is already configured (by default) and WS successfully parses neighboring requests to the same port. There must be a specific problem with these frames. I know for sure it's a POST request with multipart form attached.
To enter a block of code:
Comments