
Wireshark-users: Re: [Wireshark-users] are there any good tools/scripts for analyzing http reques

Date: Fri, 18 Jan 2013 18:11:36 +0000

Hi Wen,

I haven’t had any problems with Wireshark and HTTP(s) traffic. Can you provide an example of where it is inaccurate or where it doesn’t display a request / response? I know some people get thrown off by the fact that if you have a request / response that stretches across more than one frame, it’s labeled as HTTP on the last frame rather than the first.

E.g.:

Frame 101  (tcp segment of reassembled pdu)   (packet bytes show - Post /something….)
Frame 102  (tcp segment of reassembled pdu)   (packet bytes show - more cookie / data)
Frame 104  (tcp segment of reassembled pdu)   (packet bytes show - more cookie / data)
Frame 105  (Post /something….)                (packet bytes show - more cookie / data)

Have you tried ‘Follow TCP Stream’? Does the Stream Content window work better for you?

That being said, when I’m working with HTTP(s) only (the network is good enough, it’s an app issue) I like to use Fiddler (www.fiddler2.com/Fiddler2/version.asp); the SSL strip is nice when dealing with remote servers where I don’t have / can’t get the certificate.

Fiddler is its own capture tool; it doesn’t read pcap(ng) files.

Hope that helps

tim

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wen lui
Sent: Friday, January 18, 2013 12:40 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] are there any good tools/scripts for analyzing http requests from captured packets?

 

Although the Wireshark UI can show some information about captured packets,
sometimes it is not accurate, like some HTTP requests and responses are not displayed.
Are there any good tools/scripts for analyzing HTTP requests from captured packets,
so I can extract each HTTP request and HTTP response?
Thanks!
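
Added example, not part of the original thread: a small Python sketch of the reassembly behaviour described in the reply, showing why a request that spans several TCP segments is only complete (and only labelled HTTP) at its last frame. The segment data, sequence numbers, host name and the helper names `make_segments` and `http_requests` are constructed for illustration; only `Content-Length` framing is handled.

```python
# Constructed sample data: the request, frame numbers and sequence numbers are made up.
BODY = b"a=1&b=2"
HEAD = (b"POST /something HTTP/1.1\r\nHost: example.test\r\n"
        b"Cookie: session=" + b"x" * 40 + b"\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n")
GET = b"GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n"

def make_segments(raw, cuts, frames, isn=1000):
    """Cut raw bytes at the given offsets into (frame_no, tcp_seq, payload) tuples."""
    edges = [0] + cuts + [len(raw)]
    return [(f, isn + a, raw[a:b]) for f, a, b in zip(frames, edges, edges[1:])]

# The POST spans frames 101, 102, 104 and 105; the GET fits in frame 106.
SEGMENTS = make_segments(HEAD + BODY + GET, [30, 70, 110, len(HEAD + BODY)],
                         [101, 102, 104, 105, 106])

def http_requests(segments):
    """Reassemble one direction of a TCP stream and return a list of
    (first_frame, last_frame, request_line, body), one per complete request."""
    buf, owners, next_seq = b"", [], None   # owners[i]: frame that carried buf[i]
    for frame, seq, data in sorted(segments, key=lambda s: s[1]):
        if next_seq is None:
            next_seq = seq
        if seq > next_seq:
            raise ValueError(f"missing bytes before frame {frame}")
        data = data[next_seq - seq:]        # drop bytes already seen (retransmission)
        buf += data
        owners += [frame] * len(data)
        next_seq += len(data)
    out = []
    while (head_end := buf.find(b"\r\n\r\n")) >= 0:
        lines = buf[:head_end].decode("latin-1").split("\r\n")
        length = 0                          # only Content-Length framing, no chunked
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(value.strip())
        total = head_end + 4 + length
        if len(buf) < total:
            break                           # body not fully captured
        out.append((owners[0], owners[total - 1], lines[0], buf[head_end + 4:total]))
        buf, owners = buf[total:], owners[total:]
    return out

if __name__ == "__main__":
    for first, last, line, body in http_requests(SEGMENTS):
        print(f"frames {first}-{last}: {line} ({len(body)} body bytes)")
```

A capture with a dropped segment raises `ValueError` instead of silently producing a truncated request, which is the case where a request never shows up as HTTP at all.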