Sign in
 
HomeLibraryWikiLearnGalleryDownloadsSupportForumsBlogs
Resources for IT Professionals >
How to filter only HTTP requests?

Answered How to filter only HTTP requests?

  • Tuesday, May 12, 2009 4:08 PM
     
     
    Sign In to Vote
    0
    Hello,

    I want to capture the HTTP traffic on my computer. Both, the browser and the webserver are running on my computer.

    Because I cannot find a way to specify this directly, I type the following term into the "Capture Filter" box:

    ( Tcp.DstPort == 80 or Tcp.DstPort == 8080 or Tcp.DstPort == 8084 )

    The window "Display Filter" is empty and all Network Adapters are selected.

    Then I click "Apply" and "Start".

    In a browser window, I open the address http://localhost:8080/ where Tomcat is running. Now, the Network Monitor should display anything in the "Frame Summary" window.

    But it does not. Why?

    Thanks



     

All Replies

  • Tuesday, May 12, 2009 4:54 PM
    Owner
     
     
    Sign In to Vote
    0
    If you start a trace with no filter at all, do you see traffic appear?  It almost sounds like there's another problem here.  If nothing appears in this case, please tell me what you see in the frame summary window, like are there columns visable (Frame Number, Time Offset, etc)?

    Also your filter should capture traffic, but only in one direction.  If you want to capture traffic in both directions you can use this filter instead.

    ( Tcp.Port == 80 or Tcp.Port == 8080 or Tcp.Port == 8084 )

    Thanks,

    Paul
     
  • Wednesday, May 13, 2009 7:18 AM
     
     
    Sign In to Vote
    0
    Thank you for your answer Paul,

    if I do not set any filter, I can see network traffic in the "Frame Summary" window. But I do not see any lines according to http://localhost:8080 - even without a filter. 

    It seems that only network traffic to or from other computers is captured.

    Regards
    Wolfgang
     
  • Wednesday, May 13, 2009 1:50 PM
    Owner
     
     Answered
    Sign In to Vote
    0

    That is true.  I just noticed the "localhost" reference which I realize means you are hosting the web site local.

    You might try this work around as we've had some success.  If we try to add a route so that local packets are sent to the router, this could cause the packets to bounce back to your machine and this will let NM see the traffic.  So simply do this command at a command prompt.

    route add <IP Address of the server that you are on> <IP Address of default gateway of the server you are on>

    If this works properly, you'll see the traffic though it will be duplicated.  You can elimiate the traffic with a filter to not display the packets where the source ethernet address matches the router.

    Please let me know if this works for you.

    Paul

    • Marked As Answer by wimwum Tuesday, May 19, 2009 2:09 PM
    •  
     
  • Tuesday, May 19, 2009 2:13 PM
     
     
    Sign In to Vote
    0
    Thank you, Paul

    this works fine for real network adapters.

    Regards
    Wolfgang