Hello,
I attempted this afternoon to do something I believe I did in the past using tshark, to no avail.
Code:
sudo tshark -V > dumpfile
That is the code, and from what I recall of times since past when this was done, gzipped packets were subsequently decoded under a section "Uncompressed Entity Body". However, today, nothing was decoded. I can grep the output and see that the gzipped traffic is being identified, but the subsequent decoding of it isn't there.
Might anyone have a solution that I am unaware of? As I said, I am almost certain I have done this in the past. The fact that it doesn't work now is very confusing to me.
If the specifics are of interest, I'm running Ubuntu 9.10, and the traffic I was looking to decode involved the html content of Google search results. Specifically, the gzipped encoding should be able to be processed with tshark to output html with tshark's -V switch.