haslayer() on xp return false and packet with large HTTP data and mapping http request/response

[tianxiawuzhe]

Using python3.4 and latest scapy-matster. When I try to cap HTTP data with scapy_http's HTTPRequest/HTTPResponse, i found :

using packet.haslayer(HTTPRequest), return False on winxp sp3, but on Windows 7 is True.

could not cap with large HTTP data, when trying cap large post request, it will: Detail : Traceback (most recent call last): File "HelloWorld.py", line 185, in pkt_parser File "site-packages\scapy\packet.py", line 1230, in decode_payload_as File "site-packages\scapy\base_classes.py", line 239, in call File "site-packages\scapy\packet.py", line 134, in init File "site-packages\scapy\packet.py", line 755, in dissect File "site-packages\scapy_http\http.py", line 150, in do_dissect ValueError: need more than 1 value to unpack I cap this data with wireshark, it shows one request has two segments, Thus, i want to know sniff's prn function, whether the packet has the total datas or a piece of datas? And how can i assemble all piece of HTTP datas ?

how can i match a HTTPRequest packet and a HTTPResponse packet? request/response packet may not be req-resp-req-resp, may by req-req-req-resp-resp-resp.

Many thanks.