Transaction Time How many bytes are in the HTTP message

asked 2019-07-18 15:20:28 +0000

WireSharkBoy

updated 2019-07-18 15:21:53 +0000

grahamb

Hi, can someone explain how to find how many bytes are in the HTTP message, and what the HTTP transaction time is?

Where can I find in Wireshark how many bytes are in the TCP header and how many bytes are in the IP header?


Comments

These look like homework questions. What have you tried?

grahamb ( 2019-07-18 15:22:18 +0000 )

So I've tried clicking on a package to see how many bytes are for each of these, but I don't think I have enough experience in finding it in the right sections of Wireshark. I have clicked on each section, i.e. the Frame section, Internet Protocol. I am just unsure where to look to help answer these questions or how to go about it. Any suggestions or advice?

WireSharkBoy ( 2019-07-18 15:25:19 +0000 )

In the packet details pane you see each level of protocol. You should see Ethernet, IP and TCP. You can click each of these in turn and see the size in the status bar at the bottom.

As for HTTP message, you might need to determine which message, depending on the capture file you're using. Does the HTTP Message include the request and response?

The HTTP transaction time is usually the time between the request going out and the response coming back. There is debate whether the time should be the start of the response or the final packet, as the response is often spread over multiple packets.

grahamb ( 2019-07-18 15:52:37 +0000 )

I don't see the packet details pane as an option? I only see Frame, Ethernet, Internet Protocol, Transmission Control, Hypertext and Extensible Markup Language.

WireSharkBoy ( 2019-07-18 16:12:16 +0000 )

See the User Guide section on the Main Window for details on the various panes and then the section on the Packet Details.

grahamb ( 2019-07-18 16:19:15 +0000 )

Thank you for this information, however I am still confused. I don't see the same options in the Main Window. I really would like to learn from Wireshark as I know it is a very powerful tool and could really use the help.

WireSharkBoy ( 2019-07-18 17:39:22 +0000 )

The example screens in the User Guide are just examples, your traffic will be different.

From your comment above you seem to have them in this order:

  1. Frame - this is general info about the whole packet received.
  2. Ethernet - usually "Ethernet II", this is the Ethernet header.
  3. Internet Protocol - usually "Internet Protocol Version 4" or possibly 6, this is the IP header.
  4. Transmission Control Protocol - this is the TCP header.
  5. Hypertext Transfer Protocol - this is the HTTP header.
  6. Extensible Markup Language - this is the HTTP payload, in this case in the form of XML.

These are all basic networking terms, if you don't understand them you have a lot of reading to do, a guide I found is here.

grahamb ( 2019-07-18 17:52:22 +0000 )
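
The layer sizes and the two transaction-time definitions discussed in the comments above can be computed directly from a frame's bytes. This is an added example, not part of the original thread; it assumes untagged Ethernet II, IPv4, and an HTTP message that fits in one TCP segment, and the frame, addresses and timestamps are constructed sample values.

```python
import struct

def layer_sizes(frame: bytes) -> dict:
    """Byte counts per layer for one untagged Ethernet II / IPv4 / TCP frame."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        raise ValueError("expected IPv4 over untagged Ethernet II")
    ip = frame[14:]
    ip_hdr = (ip[0] & 0x0F) * 4              # IHL field counts 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != 6 or ip_hdr < 20 or total_len > len(ip):
        raise ValueError("expected a complete IPv4 packet carrying TCP")
    tcp = ip[ip_hdr:total_len]               # slicing at total_len drops Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    tcp_hdr = (tcp[12] >> 4) * 4             # data offset counts 32-bit words
    if tcp_hdr < 20 or tcp_hdr > len(tcp):
        raise ValueError("bad TCP data offset")
    return {"ethernet": 14, "ip": ip_hdr, "tcp": tcp_hdr, "payload": len(tcp) - tcp_hdr}

def transaction_times(request_ts: float, response_ts: list) -> tuple:
    """Seconds from the request to the first and to the final response packet."""
    return (min(response_ts) - request_ts, max(response_ts) - request_ts)

# Constructed sample data (not taken from any capture in the thread).
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

def build_sample_frame(payload: bytes) -> bytes:
    """Build a frame with a 20-byte IP header and a 32-byte TCP header (12 option bytes)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 8 << 4, 0x18, 65535, 0, 0)
    tcp += bytes([1, 1, 8, 10]) + bytes(8)   # NOP, NOP, Timestamps option
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    return eth + ip + tcp + payload

if __name__ == "__main__":
    print(layer_sizes(build_sample_frame(HTTP_REQUEST)))
    print(transaction_times(0.0, [0.120, 0.125, 0.131]))
```

The TCP header here is 32 bytes rather than the minimum 20 because of the options, which is why the length has to be read from the data offset field instead of assumed.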