This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What is normal network traffic?

0

What is the normal network traffic to open a webpage?

asked 09 Feb '12, 19:25

susan
accept rate: 0%

edited 10 Feb '12, 13:39

multipleinte...


3 Answers:

1

As the other answers have noted, there is no one simple definition of "normal" when it comes to web traffic. There are a few things that will be common to each attempt, but the number of things that not only can, but very likely will, be different make it difficult to describe exactly what will constitute normal web traffic. That said, there are a few things that should (but will not necessarily) happen in a usual transaction:

  • There will be a DNS lookup, possibly preceded by some ARP requests [RFC 726], for the given domain name (unless it is already cached) [RFC 1035]
  • There will be a TCP connection established (as @dixglata notes, this will be the [SYN], [SYN/ACK], [ACK] sequence in most cases), usually over port 80 or 443 (as @jaz0nj4ckal noted) [RFC 793]
  • There will be at least one HTTP GET request [RFC 2616]
  • The server will transfer the content of the page

The overall amount of traffic you see will depend on many things (e.g. does the GET result in a redirect? does the page contain a Flash animation, Java applet, or other content that may transfer data between the browser and the server, or even other servers? etc.). What kind of traffic you capture may also look different (e.g. does the connection leverage TLS [RFC 2246]? Is the server configured for a port other than 80 or 443? Is the connection proxied? etc.).

answered 10 Feb '12, 13:38

multipleinte...
accept rate: 12%
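
The stages listed in the answer above can be checked against a capture programmatically. The following Python sketch is an added example, not part of any answer on this page: it labels raw IPv4 packets by stage and reports which expected stages are absent. The function names, addresses and sample packets are assumptions constructed for illustration.

```python
import struct

C, DNS, WEB = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]), bytes([198, 51, 100, 20])  # doc-range IPs
EXPECTED = ["DNS query", "DNS response", "TCP SYN", "TCP SYN/ACK", "TCP ACK", "HTTP GET", "HTTP response"]

def ip(src, dst, proto, l4):  # minimal IPv4 header, checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src, dst) + l4

def udp(src, dst, sport, dport, data):
    return ip(src, dst, 17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

def tcp(src, dst, sport, dport, flags, data=b""):  # seq/ack left at 0: only flags matter here
    return ip(src, dst, 6, struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 65535, 0, 0) + data)

def classify(pkt):
    """Label one raw IPv4 packet with the page-load stage it represents."""
    l4 = pkt[(pkt[0] & 0x0F) * 4:]                      # skip the IP header (IHL words)
    if pkt[9] == 17 and len(l4) >= 12 and 53 in struct.unpack("!HH", l4[:4]):
        return "DNS response" if l4[10] & 0x80 else "DNS query"   # QR bit of the DNS flags
    if pkt[9] != 6 or len(l4) < 20:
        return "other"
    flags, data = l4[13], l4[(l4[12] >> 4) * 4:]        # TCP flags byte, payload after data offset
    if flags & 0x02:                                    # SYN set: handshake packet 1 or 2
        return "TCP SYN/ACK" if flags & 0x10 else "TCP SYN"
    for prefix, label in ((b"GET ", "HTTP GET"), (b"HTTP/", "HTTP response"), (b"\x16\x03", "TLS handshake")):
        if data.startswith(prefix):
            return label
    return "TCP ACK" if flags & 0x10 and not data else "other"

def missing_stages(labels):
    """Expected stages not seen in order. Missing DNS (cached) or HTTP (TLS) is not abnormal."""
    pos, missing = 0, []
    for stage in EXPECTED:
        if stage in labels[pos:]:
            pos = labels.index(stage, pos) + 1
        else:
            missing.append(stage)
    return missing

Q = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
CAPTURE = [  # constructed packets, not a real capture
    udp(C, DNS, 50000, 53, Q),
    udp(DNS, C, 53, 50000, Q[:2] + b"\x81\x80" + Q[4:]),   # same message with QR/RA set
    tcp(C, WEB, 50001, 80, 0x02), tcp(WEB, C, 80, 50001, 0x12), tcp(C, WEB, 50001, 80, 0x10),
    tcp(C, WEB, 50001, 80, 0x18, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    tcp(WEB, C, 80, 50001, 0x18, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]
LABELS = [classify(p) for p in CAPTURE]
print(LABELS, missing_stages(LABELS))
```

A non-empty result from `missing_stages` is a prompt to look closer, not a verdict: a cached DNS answer, TLS or a proxy will each change which stages appear.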

0

Normal is a very broad word when it comes to answering this question; however, HTTP (port: 80) and HTTPS (port: 443) will be used to open most webpages.

answered 10 Feb '12, 11:56

jaz0nj4ckal
accept rate: 0%

0

Look for packets with [SYN], [SYN, ACK] and [ACK]: the TCP handshake.

answered 10 Feb '12, 13:21

dixglata
accept rate: 0%