0

Don't see request for HTTP protocol

asked Jun 6 '18

romario4

updated Jun 6 '18

I am using a win service that is sending a POST request to some host. I'm able to filter/catch it in Wireshark and there is a response there, but nothing about the request and its headers. Could someone show me the right way, please :) Screenshot is below. Thank you.

I'm using v.2.6.1. Windows 10 x64

https://ibb.co/jHoiF8


Comments

Do you see the request if you Follow the TCP stream?

thetechfirm ( Jun 6 '18 )

No. Under the "Entire Conversation" dropdown list it states that no request was sent to the target destination (0 bytes). Only the response is available.

Screenshot - https://ibb.co/fJaBL8

romario4 ( Jun 6 '18 )

Could you make the entire capture available on some site, so we can download it and look at it?

If not, could you show us the summaries of packets 1 through 59?

Guy Harris ( Jun 6 '18 )

Try this link - https://ufile.io/71mrj Is this what you need? There are packets from #53 to #62 only related to the destination IP.

romario4 ( Jun 7 '18 )

2 Answers

1

answered Jun 8 '18

Rooster_50

Your capture contains only traffic from the Server to the Client. The reason may be due to the way you obtained your capture. If you did a port span, you may have only spanned the Tx of the server switch port and not both Tx and Rx.

Can you provide any information on how you are capturing your data?

link
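An added example (not part of the answer above and not Wireshark's own code): one way to confirm from `tshark` field output that a TCP conversation was captured in one direction only. ACK numbers that advance on the visible side show that the other side did send data the capture missed. The addresses and sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample, not taken from the asker's capture. Columns are the
# tab-separated output of:
#   tshark -r capture.pcapng -Y tcp -T fields \
#          -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.len -e tcp.ack
SAMPLE = """\
203.0.113.10\t80\t192.0.2.5\t50211\t0\t1
203.0.113.10\t80\t192.0.2.5\t50211\t0\t412
203.0.113.10\t80\t192.0.2.5\t50211\t1460\t412
203.0.113.10\t80\t192.0.2.5\t50211\t233\t412
192.0.2.5\t50300\t198.51.100.7\t443\t0\t0
198.51.100.7\t443\t192.0.2.5\t50300\t0\t1
192.0.2.5\t50300\t198.51.100.7\t443\t517\t1
198.51.100.7\t443\t192.0.2.5\t50300\t1200\t518
"""

def one_way_conversations(tshark_fields):
    """Return findings for TCP conversations captured in one direction only."""
    # conversation key -> sender endpoint -> [packets, payload bytes, min ack, max ack]
    convs = defaultdict(dict)
    for line in tshark_fields.splitlines():
        cols = line.split("\t")
        if len(cols) != 6 or not all(cols):
            continue  # skip non-TCP or incomplete rows
        src, dst = (cols[0], int(cols[1])), (cols[2], int(cols[3]))
        length, ack = int(cols[4]), int(cols[5])
        key = tuple(sorted((src, dst)))  # same key for both directions
        s = convs[key].setdefault(src, [0, 0, ack, ack])
        s[0] += 1
        s[1] += length
        s[2], s[3] = min(s[2], ack), max(s[3], ack)
    findings = []
    for key, senders in convs.items():
        if len(senders) != 1:
            continue  # both directions are present in the capture
        [(seen, (pkts, nbytes, lo, hi))] = senders.items()
        missing = key[0] if key[1] == seen else key[1]
        findings.append({
            "seen": seen, "missing": missing, "packets": pkts, "bytes": nbytes,
            # ACKs that advance mean the peer sent data the capture never saw
            # (this simple difference ignores 32-bit sequence wrap-around).
            "peer_bytes_acked": hi - lo,
        })
    return findings
```

A non-zero `peer_bytes_acked` on a one-way conversation points at the capture setup rather than at the application: the request was sent and acknowledged, it just was not recorded.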

Comments

Sure.

  1. Start Wireshark.exe
  2. Select interface to capture traffic
  3. Capture has started and to filter the incoming data I use "ip.addr == xxxx.xxxx.xx.xx" as a display filter. (I know the DNS name, ping the server and get the IP address. The ip.addr filter, as I know, gets the data where the specified IP is used for source OR destination.)

romario4 ( Jun 8 '18 )

"Start Wireshark.exe" on what? The server itself, or are you capturing from another machine? If from another machine, how are you capturing the data to/from the server? Port Span, TAP, L1 Hub, etc?

Rooster_50 ( Jun 9 '18 )

Hm.. I am starting it on my local notebook. With default settings, just choosing the interface (Ethernet #..) from the list. Start catching traffic and then filter it with a display filter.

I believe there is no port span or tap. Not sure what an L1 Hub is.

Just to make an analogy with Fiddler - you start the app, do your HTTP things in the browser and see all the requests/responses there. My expectations were the same using Wireshark :)

romario4 ( Jun 9 '18 )

Am I doing something wrong on the app start?

romario4 ( Jun 11 '18 )
0

answered Jun 12 '18

romario4

I think I found the answer... I uninstalled the 2.6.1 version and installed the Old Stable Release (2.4.7). With 2.4.7 everything works and I see the requests (POST/GET/etc).

Bug in 2.6.1?

Thanks!

link

Stats

Asked: Jun 6 '18

Seen: 6,311 times

Last updated: Jun 12 '18