I recently installed xampp (Apache Friend) on my laptop and I wanted to capture GET requests made by my browser. I installed Wireshark, but cannot see hoe to configure it to do what I want. It lists 4 interfaces, and I tried each one.

The 'interfaces' shows 4 choices, and I tried each one.

asked 29 Mar '13, 07:52

AndyS01's gravatar image

AndyS01
11113
accept rate: 0%


You don't say what your OS is, but if it's Windows then Wireshark can't capture requests made to the local machine, that is if you run the browser on the same machine as the web server. This is because the MS network stack recognises that the packet is local so "short-circuits" the packet and the WinPCap driver that Wireshark uses to capture doesn't see the packet.

If your OS is not windows, then capturing on the loopback adaptor should do the trick.

link

answered 29 Mar '13, 08:34

grahamb's gravatar image

grahamb ♦
7.8k224110
accept rate: 18%

edited 29 Mar '13, 12:35

I'm running Windows 7 (32 bit)

When my browser (Opera) is running on the local machine, it still does GET requests, though.

Because I can see the Apache php/perl stuff, perhaps I could modify the handler for multipart packet transfers to fire off a log message with details about the packet. I looked around and I saw that there were dozens of php and perl code that reference 'multipart'. Perhaps I could modify one of those?

(29 Mar '13, 13:55) AndyS01

The browser/web server combination on the same machine will work without issues, but Wireshark won't be able to capture the traffic.

Network Monitor from MS might be able to capture the traffic and Wireshark can open the NM capture files.

(29 Mar '13, 14:43) grahamb ♦

@AndyS01

I converted your first "answer" to a comment as that's how this site works, it's not a forum, please see the FAQ for more info.

As your second "answer" was a duplicate of the converted comment I've deleted it.

Can you clarify your subsequent question and how it refers to Wireshark as Wireshark only handles network traffic, not log files?

(30 Mar '13, 05:49) grahamb ♦

I'm sorry, I got off track a bit. I still need to capture network traffic generated by the Apache server that's running under xampp. My xampp httpg.conf file is configured to a servername of <myipaddress> (instead of localhost), and my browser address is something like this: "http://<myipaddress>/test.html". The test.html code gets a filename and uploads it using 'enctype="multipart/form-data'. I expect to see several HTTP GET requests, but Wireshark does not capture them. In Wireshark, I selected all 4 interfaces.

(31 Mar '13, 16:51) AndyS01

As I mentioned n my reply, the issue is not with the xampp stack or configuration, but with the Windows network stack and WinPCap.

On Windows, packets addressed to the local host (whether that is localhost or an IP that the host has) aren't captured by WinPCap.

See the Wiki page on Loopback Capturing for more info and a number of ways that may allow you to capture the traffic you want.

The two easiest ways I know of to capture the traffic you want are:

  1. Run the client side on a different machine to the server.
  2. Use Network Monitor from MS to make the capture, then open the captures in Wireshark.
(01 Apr '13, 00:40) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×5
×1

Asked: 29 Mar '13, 07:52

Seen: 522 times

Last updated: 01 Apr '13, 00:40

powered by OSQA