Thursday, June 26, 2008

Capturing HTML Packets

While troubleshooting TRIRIGA, you may find yourself needing to analyze the traffic between a workstation and the server or the traffic between your app/process server and the database server. Here are the basic instructions for using the open source application Wireshark to capture this network traffic.

Download and install Wireshark from here:

http://prdownloads.sourceforge.net/wireshark/wireshark-setup-1.0.0.exe

After installing it, start it up and go to "Capture -> Interfaces" in the menu. A dialog lists all the network interfaces on the box; generate some traffic (open a web page, etc.) and the "Packets" column for the active interface will start counting up. That is the interface you want to sniff. From that dialog, click the "Options" button next to the interface you identified. In the "Capture Filter" field of the options dialog, enter the following:

host ServerName && (port 80 || port 443 || port 8080 || port 8443 || port 8001)

(assuming ServerName is the server you want to monitor). Then click "Start". Perform whatever operation you need to trace, then select "Capture -> Stop" from the menu when it is done. Finally, save the result (pcap should be the default format, which is the one you want).
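Once the capture is saved, it helps to confirm that it actually contains what the filter above was meant to catch before sending it to anyone. The script below is an added example, not part of the original post or of Wireshark: it reads a classic libpcap file (the pcap format mentioned above, not pcapng), counts packets per server-side port, and pulls out the HTTP request lines sent to the server. Only the plaintext ports (80, 8080, 8001) yield readable request lines; traffic on 443 and 8443 is TLS, so the payload there is opaque without the server's key. The IP addresses, port numbers and request in the sample capture are constructed for the demonstration.

```python
import struct
from collections import Counter

# Ports from the capture filter on the page. 443 and 8443 carry TLS, so
# only the other three can yield readable HTTP request lines.
WEB_PORTS = {80, 443, 8080, 8443, 8001}
PLAINTEXT_PORTS = {80, 8080, 8001}


def parse_pcap(data):
    """Yield (timestamp, frame bytes) from a classic libpcap file (pcapng is not handled)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def dissect_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # not TCP
        return None
    total_len = struct.unpack_from("!H", ip, 2)[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def summarize(data, server):
    """Count packets per server-side port and collect HTTP request lines sent to `server`."""
    by_port = Counter()
    requests = []
    for _ts, frame in parse_pcap(data):
        pkt = dissect_tcp(frame)
        if pkt is None:
            continue
        src, dst, sport, dport, payload = pkt
        port = dport if dst == server else sport  # the server's side of the connection
        by_port[port] += 1
        if dst == server and port in PLAINTEXT_PORTS:
            first = payload.split(b"\r\n", 1)[0]
            if first.split(b" ")[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
                requests.append(first.decode("ascii", "replace"))
    return by_port, requests


def unexpected_ports(by_port):
    """Ports seen in the capture that the page's filter should have excluded."""
    return set(by_port) - WEB_PORTS


# --- constructed sample capture, used when no file is given -----------------
def _frame(src, dst, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame (constructed test data; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_sample_pcap():
    """Three constructed frames: an HTTP request, its reply, and one TLS record on 8443."""
    frames = [
        _frame("10.0.0.5", "10.0.0.9", 51000, 80, b"GET /index.html HTTP/1.1\r\nHost: tririga\r\n\r\n"),
        _frame("10.0.0.9", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),
        _frame("10.0.0.5", "10.0.0.9", 51001, 8443, b"\x16\x03\x01\x00\x05hello"),  # opaque TLS
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1214438400 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    server_ip = sys.argv[2] if len(sys.argv) > 2 else "10.0.0.9"
    ports, reqs = summarize(data, server_ip)
    for port, n in sorted(ports.items()):
        print(f"port {port}: {n} packets")
    for line in reqs:
        print("request:", line)
    if unexpected_ports(ports):
        print("unexpected ports:", sorted(unexpected_ports(ports)))
```

Run it as `python pcapcheck.py capture.pcap 10.0.0.9` (file name and server address assumed) to see the per-port packet counts and the request lines; with no arguments it runs against the built-in sample. A non-empty "unexpected ports" line means the capture filter was not applied as intended and the file may contain traffic you did not mean to share.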
