link for tcpdump file 203_tcpdump.pcap -- https://www.cloudshark.org/captures?_message=BAh7BjoLbm90aWNlSSIaV2VsY29tZSB0byBDbG91ZFNoYXJrBjoGRVQ%3D%0A
203_tcpdump.pcap was captured on server 10.5.207.203. It is receiving traffic from 10.5.129.207. 203 stands for 10.5.207.203; 207 stands for 10.5.129.207.
Below is the http packet request/response count and error description.
packet count 15 - from 207 to 203. - http.response.code == 500 - internal server error - The [action] cannot be processed at the receiver. - http/xml
packet count 30 - from 207 to 203 - http.response.code == 404 - Error 404: SRVE0190E: File not found: /services/ResponseHandlerPort/mex - pure http
packet count 14 - from 207 to 203 - http.response.code == 400 - The [action] cannot be processed at the receiver. - http/xml
packet count 15 - from 207 to 203 - http.response.code == 302 - 302 Found - pure http
packet count 15 - from 207 to 203 - http.response.code == 202 - 202 Accepted - pure http
http.response.code == 200 - success. - from 207 to 203 and from 203 to 207 - pure http and http/xml both.
http.request.method == POST - packet count 82 - from 207 to 203 and 203 to 207 - all http/xml
http.request.method == GET - packet count 45 - from 203 to 207 - all HTTP
HTTP Response packets.
redirection - 302
success - 202 and 200
server error - 500
client error - 404 and 400
HTTP Request packets.
GET and POST
I want to know the points below:
Are the HTTP response codes other than 200 and 202 normal, or do I need to send these errors to the client, i.e. the 207 server, so that it stops sending such HTTP requests to my server 203? What exactly is the meaning of each of them?
What exactly are POST and GET? I see GET is purely HTTP and POST is http/xml. Can GET also be http/xml, and can POST be pure HTTP?
Why don't I see any GET from 207 to 203?
What exactly is HTTP response code 202? How is it different from HTTP response code 200?
If I want to check all the TCP, HTTP and other protocol packets for a particular transaction, i.e. a request for a particular mobile number, will the stream be the same for all such packets or will it be different? Is Follow TCP Stream the option to check all TCP SYN to FIN, HTTP and other protocol packets for a particular transaction, or is there some other option? That is, I will search with a filter like "http contains XXXXX", which will give the packet containing XXXXX, then I will do Follow TCP Stream on this packet to see all packets related to it. XXXXX is the mobile number, i.e. the MSISDN.
How do I avoid the error "X bytes missing in capture" while capturing with tcpdump, so that entire packets are displayed from source to destination and vice versa when doing Follow HTTP Stream? This is present in the file TCP_DUMP_199.pcap, available at the same link as above.
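The search-then-follow procedure asked about above, as an added example that is not part of the original post: it groups TCP payloads by connection, which is the unit Wireshark's Follow TCP Stream displays, and lists every connection carrying the MSISDN. The frames are constructed; the ports, paths, MSISDN and the assumption that one transaction uses a second callback connection are illustrative, not taken from the capture.

```python
import struct
from collections import defaultdict

def parse_frame(frame):
    """Return ((src, sport), (dst, dport), payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4                 # skip IP header (IHL words)
    total_len = struct.unpack("!H", frame[16:18])[0]  # IP total length drops padding
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4             # TCP header length
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    return (src, sport), (dst, dport), frame[tcp + data_off:14 + total_len]

def streams_containing(frames, needle):
    """Return {connection: packet count} for connections whose payload holds needle."""
    data = defaultdict(bytes)   # bytes per direction, joined in capture order
    count = defaultdict(int)    # packets per connection (both directions)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        a, b, payload = parsed
        conn = tuple(sorted((a, b)))   # same key for both directions
        count[conn] += 1
        data[(conn, a)] += payload     # joined so a split MSISDN still matches
    return {conn: count[conn] for (conn, _), buf in data.items() if needle in buf}

def make_frame(src, sport, dst, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 0, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

# Constructed sample: hosts from the post; ports, paths and MSISDN are made up.
MSISDN = b"15550100123"
C207, S203 = "10.5.129.207", "10.5.207.203"
SAMPLE = [
    make_frame(C207, 40001, S203, 80, b"POST /submit HTTP/1.1\r\n\r\n<msisdn>155501"),
    make_frame(C207, 40001, S203, 80, b"00123</msisdn>"),
    make_frame(S203, 80, C207, 40001, b"HTTP/1.1 202 Accepted\r\n\r\n"),
    make_frame(S203, 40002, C207, 8080, b"POST /callback HTTP/1.1\r\n\r\n<msisdn>15550100123</msisdn>"),
    make_frame(C207, 40003, S203, 80, b"GET /other HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for conn, n in streams_containing(SAMPLE, MSISDN).items():
        print(conn, n, "packets")
```

In the constructed sample the MSISDN appears in two separate connections, so following a single stream from one matching packet would show only one of them.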