First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Wireshark is not showing any GET HTTP's and I have no filters, a fresh wireshark install.

  • retag add tags

I am working on a school assignment and I am suppose to be able to know what time my machine actually gets the webpage. I am not sure how to figure this out on wireshark. I know it has something to do with GET HTTP. But I am not seeing any sort of GET HTTP in wireshark. I am using a fresh install with not changing anything, so everything is standard, no filters. I am using Windows 10 Pro.

shsetose's avatar
1
shsetose
asked 2018-10-17 12:42:30 +0000, updated 2018-10-17 13:28:43 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

0

Basic steps:

  1. Start Wireshark and begin capturing traffic on the correct network interface
  2. Launch browser (if you haven't already) and enter the website URL to access the web page of interest
  3. After the page finishes loading, stop Wireshark from capturing
  4. Perform your analysis

To limit the amount of traffic you capture, you could apply an appropriate capture filter, such as limiting traffic to TCP only and to a particular host, or even to a particular port, likely 80 or possibly 443.

If you still haven't captured any relevant HTTP traffic, then maybe you were capturing on the wrong interface, or maybe the traffic wasn't HTTP at all but HTTPS, in which case you will have to look for the relevant TCP connection carrying the encrypted SSL (TLS) traffic instead of the unencrypted HTTP traffic.

cmaynard's avatar
11.1k
cmaynard
answered 2018-10-17 14:16:32 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I am on the correct interface. I am on Wi-Fi. This is the only interface showing activity. All other interfaces are showing flatlines. Also just in case I was incorrect I tried using all other interfaces and got no captured packets, I got an error. So I verified I was on the correct interface that way as well.

shsetose's avatar shsetose (2018-10-17 14:22:06 +0000) edit
more
  • delete

Have you tried to force a web page refresh while capturing?

cmaynard's avatar cmaynard (2018-10-17 14:27:06 +0000) edit
more
  • delete

Yes I tried that. I also tried putting the computer in sleep mode while capturing and waking it up and still get the same results. Sometimes I don't even get a handshake. I have tried promiscuous box checked and unchecked as well, same results.

shsetose's avatar shsetose (2018-10-17 14:34:15 +0000) edit
more
  • delete

I suppose if you can't figure out how to capture the packets you need to analyze the response time using Wireshark, you could try another tool. Search for "How to measure web page load time" and you will find a number of possible solutions.

cmaynard's avatar cmaynard (2018-10-17 14:48:57 +0000) edit
more
  • delete
add a comment see more comments
0

Try from command prompt to get the name of wireless interface to run capture against it tshark -D
you may need to run tshark from an account with special privileges. if is not run from a privileged account, it will not list any interfaces.

Then run

tshark -i WIFI_INT_NAME and see if it picks any thing. I had situation before when only one was traffic was captured while I was able to open the web pages successfully.

Zaaf's avatar
1
Zaaf
answered 2019-03-21 16:39:23 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer