Wireshark – go deep! (HTTP Request Analysis)

Sam Deering

Wireshark is a network protocol analyzer for Unix and Windows. I have only brushed the surface with this tool so far, but it comes in handy when performing analysis on HTTP requests between your machine and others on the network.

http://www.wireshark.org/

Before you start

  • Wireshark captures every request, so only click Start when you are ready to capture, and click Stop when you're finished
  • You’ll need your IP address

Basic Instructions

  1. Download, install, run
  2. Click start to capture requests
  3. Use the expression filter to find your requests. Here are some common filters:
    1. ip.addr == 10.27.999.99 (for example; matches traffic to or from that address)
    2. ip.dst == 10.27.999.99 (for example; matches traffic sent to that address)
  4. Find the request you want to analyse, then right-click > Follow TCP Stream
  5. This should bring up the request in full
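
What the two filters match and what Follow TCP Stream reassembles, shown as an added Python example that is not part of the original post. The addresses, ports and packets are constructed for illustration, and a valid address (10.27.0.99) stands in for the placeholder used in the filters above.

```python
import socket
import struct

CLIENT, SERVER, OTHER = "10.27.0.99", "192.0.2.10", "198.51.100.7"  # constructed addresses

def make_packet(src, dst, sport, dport, seq, payload):
    """Build a bare IPv4+TCP packet (constructed sample; checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(pkt):
    """Pull out the fields the display filters and the stream view rely on."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "data": payload}

def ip_addr(pkts, ip):
    """ip.addr == ip: the address is the source OR the destination."""
    return [p for p in pkts if ip in (p["src"], p["dst"])]

def ip_dst(pkts, ip):
    """ip.dst == ip: the address is the destination only."""
    return [p for p in pkts if p["dst"] == ip]

def follow_stream(pkts, first):
    """Bytes sent by each side of the TCP conversation `first` belongs to,
    ordered by sequence number (no retransmission or wrap-around handling)."""
    ends = {(first["src"], first["sport"]), (first["dst"], first["dport"])}
    sides = {}
    for p in sorted(pkts, key=lambda p: p["seq"]):
        if {(p["src"], p["sport"]), (p["dst"], p["dport"])} == ends:
            sides[p["src"]] = sides.get(p["src"], b"") + p["data"]
    return sides

LINE1 = b"GET /index.html HTTP/1.1\r\n"
CAPTURE = [parse(make_packet(*args)) for args in [   # request segments arrive out of order
    (CLIENT, SERVER, 50000, 80, 1000 + len(LINE1), b"Host: example.test\r\n\r\n"),
    (OTHER, SERVER, 40000, 80, 1, b"GET /other HTTP/1.1\r\n\r\n"),
    (CLIENT, SERVER, 50000, 80, 1000, LINE1),
    (SERVER, CLIENT, 80, 50000, 5000, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
]]

if __name__ == "__main__":
    print(len(ip_addr(CAPTURE, CLIENT)), "packets match ip.addr,",
          len(ip_dst(CAPTURE, CLIENT)), "match ip.dst")
    for side, data in follow_stream(CAPTURE, ip_addr(CAPTURE, CLIENT)[0]).items():
        print(side, data)
```

Filtering on ip.dst alone hides the requests your machine sends, which is why ip.addr is usually the better starting point when looking for a whole request and response.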
