Hello,

I attempted this afternoon to do something I believe I did in the past using tshark, to no avail.

That is the code, and from what I recall of times since past when this was done, gzipped packets were subsequently decoded under a section "Uncompressed Entity Body". However, today, nothing was decoded. I can grep the output and see that the gzipped traffic is being identified, but the subsequent decoding of it isn't there.

Might anyone have a solution that I am unaware of? As I said, I am almost certain I have done this in the past. The fact that it doesn't work now is very confusing to me.

If the specifics are of interest, I'm running Ubuntu 9.10, and the traffic I was looking to decode involved the html content of Google search results. Specifically, the gzipped encoding should be able to be processed with tshark to output html with tshark's -V switch.

Alright, it seems as if I've solved my own problem, and a simple mistake it was at that. This brings up another question, however.

What is happening it seems is that the output is being truncated for longer lines. I was grepping for information in the output that I expected to be there, but it was getting cut by this truncation operation.

I'll look into this to solve my problem.

Hopefully someone in the future may be assisted by these misfortunes! It baffled me for some time.