> Here is what I do to get the required HTTP stream details from tcpdump: > > * use the -s option to fetch unlimited packet payload (-s 0 or -s 65536 > depending on your system). > * save the capture to a .cap file. > * open with wireshark > * locate any packet in the desired HTTP stream and select "follow TCP stream" > * cut-n-paste the HTTP details out of the resulting plain text document > > PS. if you happen to notice anything strange like binary characters in amongst > the HTTP protocol headers, they themselves could be the cause of the > problems. The only binary should be in payload/object/body blocks between the > message header blocks. > > Amos Hey Amos, Here is the stream content: POST /scripts/mms.dll/JAWS/MMS/acs/f_login HTTP/1.1 Host: www.cmmsau.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.cmmsau.com/mms/mm_login.htm Cookie: __utma=257591705.1931310241.1381466348.1381466348.1381466348.1; __utmb=257591705.1.10.1381466348; __utmc=257591705; __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) Content-Type: application/x-www-form-urlencoded Content-Length: 75 Cache-Control: max-age=259200 Connection: keep-alive as_userid=asamuels&as_dbpass=as2013&as_store=00200021&submit.x=0&submit.y=0HTTP/1.1 200 OK Server: Jaguar Server Version 5.5.0 Connection: Keep-Alive Content-Type: text/html Content-Length: 200 <SCRIPT LANGUAGE="JavaScript"> window.location.href="http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL"; </SCRIPT>GET /scripts/mms.dll/JAWS/MMS/acs/f_redirect?as_sid=82A18A8F96938DA18A95737E72816AAF&as_proj=00200021&as_flag=RL HTTP/1.1 Host: www.cmmsau.com User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.cmmsau.com/scripts/mms.dll/JAWS/MMS/acs/f_login Cookie: __utma=257591705.1931310241.1381466348.1381466348.1381466348.1; __utmb=257591705.1.10.1381466348; __utmc=257591705; __utmz=257591705.1381466348.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) Cache-Control: max-age=0 Connection: keep-alive Cheers, John