Capture packets with Wireshark and see the content of requests or responses


First, start Wireshark. If you are working on Ubuntu, it is important to run Wireshark as root. (I think the same applies to other Linux platforms as well.)

sudo wireshark

Then the capture options should be specified. Press the Capture Options button on the welcome page, or the second button from the left in the toolbar.

Then specify the interface and the port number. I’m capturing packets within localhost, so the interface would be “lo” and the port on which I’m receiving the request is 8192.

Once you specify these options you are ready to capture packets. Just click on the start button.

When the request is sent, Wireshark will display a list of captured packets.

Right-click on one of the packets and select “Follow TCP Stream”. The pop-up window will show the request received and the response sent.
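To show what “Follow TCP Stream” does with the captured packets, here is an added example (not part of the original post) that filters a capture on the port and joins the TCP payloads per direction. The function names and the sample capture are constructed for illustration, and it assumes a classic little-endian pcap file with Ethernet framing, which is what a Linux “lo” capture uses.

```python
import struct

def _frame(sport, dport, seq, payload):
    # Constructed Ethernet + IPv4 + TCP frame on 127.0.0.1 (checksums left at 0).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01")
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_sample_pcap():
    # Constructed capture: one exchange on port 8192 plus unrelated traffic.
    head = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n"
    frames = [
        _frame(40000, 8192, 1, b"GET /status HTTP/1.1\r\nHost: localhost:8192\r\n\r\n"),
        _frame(40001, 9000, 1, b"unrelated"),
        _frame(8192, 40000, 1 + len(head), b"OK"),  # body stored before the headers
        _frame(8192, 40000, 1, head),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1: Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def follow_tcp_stream(pcap, port):
    """Map each client port to the reassembled request/response bytes for `port`."""
    magic, link = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or link != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    streams, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # keep only IPv4/TCP frames
        tcp_off = 14 + (pkt[14] & 0x0F) * 4
        ip_end = 14 + struct.unpack_from("!H", pkt, 16)[0]
        sport, dport, seq = struct.unpack_from("!HHI", pkt, tcp_off)
        data = pkt[tcp_off + (pkt[tcp_off + 12] >> 4) * 4:ip_end]
        if not data or port not in (sport, dport):
            continue  # the same selection as the capture filter "tcp port <port>"
        client, side = (sport, "request") if dport == port else (dport, "response")
        sides = streams.setdefault(client, {"request": {}, "response": {}})
        sides[side][seq] = data  # keyed by sequence number: drops retransmitted copies
    # Join segments in sequence order (sequence-number wraparound is not handled).
    return {c: {k: b"".join(v[s] for s in sorted(v)) for k, v in d.items()}
            for c, d in streams.items()}

if __name__ == "__main__":
    for client, s in follow_tcp_stream(build_sample_pcap(), 8192).items():
        print(client, s["request"].decode(), s["response"].decode(), sep="\n")
```

Anything sent in cleartext over the captured port, including credentials or session tokens, appears in the reassembled stream exactly as it does in the pop-up window.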

One response to this post.

  1. Posted by Piovezan on July 29, 2012 at 5:09 pm

    The “Follow TCP Stream” tip was very helpful, thank you very much!
