Ask Your Question
0

Wireshark is not showing any GET HTTP's and I have no filters, a fresh wireshark install.

asked 2018-10-17 12:42:30 +0000

shsetose gravatar image

updated 2018-10-17 13:28:43 +0000

I am working on a school assignment and I am suppose to be able to know what time my machine actually gets the webpage. I am not sure how to figure this out on wireshark. I know it has something to do with GET HTTP. But I am not seeing any sort of GET HTTP in wireshark. I am using a fresh install with not changing anything, so everything is standard, no filters. I am using Windows 10 Pro.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-03-21 16:39:23 +0000

Zaaf gravatar image

Try from command prompt to get the name of wireless interface to run capture against it tshark -D
you may need to run tshark from an account with special privileges. if is not run from a privileged account, it will not list any interfaces.

Then run

tshark -i WIFI_INT_NAME and see if it picks any thing. I had situation before when only one was traffic was captured while I was able to open the web pages successfully.

edit flag offensive delete link more
add a comment
0

answered 2018-10-17 14:16:32 +0000

cmaynard gravatar image

Basic steps:

  1. Start Wireshark and begin capturing traffic on the correct network interface
  2. Launch browser (if you haven't already) and enter the website URL to access the web page of interest
  3. After the page finishes loading, stop Wireshark from capturing
  4. Perform your analysis

To limit the amount of traffic you capture, you could apply an appropriate capture filter, such as limiting traffic to TCP only and to a particular host, or even to a particular port, likely 80 or possibly 443.

If you still haven't captured any relevant HTTP traffic, then maybe you were capturing on the wrong interface, or maybe the traffic wasn't HTTP at all but HTTPS, in which case you will have to look for the relevant TCP connection carrying the encrypted SSL (TLS) traffic instead of the unencrypted HTTP traffic.

edit flag offensive delete link more

Comments

I am on the correct interface. I am on Wi-Fi. This is the only interface showing activity. All other interfaces are showing flatlines. Also just in case I was incorrect I tried using all other interfaces and got no captured packets, I got an error. So I verified I was on the correct interface that way as well.

shsetose gravatar imageshsetose ( 2018-10-17 14:22:06 +0000 )edit

Have you tried to force a web page refresh while capturing?

cmaynard gravatar imagecmaynard ( 2018-10-17 14:27:06 +0000 )edit

Yes I tried that. I also tried putting the computer in sleep mode while capturing and waking it up and still get the same results. Sometimes I don't even get a handshake. I have tried promiscuous box checked and unchecked as well, same results.

shsetose gravatar imageshsetose ( 2018-10-17 14:34:15 +0000 )edit

I suppose if you can't figure out how to capture the packets you need to analyze the response time using Wireshark, you could try another tool. Search for "How to measure web page load time" and you will find a number of possible solutions.

cmaynard gravatar imagecmaynard ( 2018-10-17 14:48:57 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2018-10-17 12:42:30 +0000

Seen: 39,754 times

Last updated: Mar 21 '19

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2