Ask Your Question

Revision history [back]

Basic steps:

  1. Start Wireshark and begin capturing traffic on the correct network interface
  2. Launch browser (if you haven't already) and enter the website URL to access the web page of interest
  3. After the page finishes loading, stop Wireshark from capturing
  4. Perform your analysis

To limit the amount of traffic you capture, you could apply an appropriate capture filter, such as limiting traffic to TCP only and to a particular host, or even to a particular port, likely 80 or possibly 443.

If you still haven't captured any relevant HTTP traffic, then maybe you were capturing on the wrong interface, or maybe the traffic wasn't HTTP at all but HTTPS, in which case you will have to look for the relevant TCP connection carrying the encrypted SSL (TLS) traffic instead of the unencrypted HTTP traffic.