I'm trying to figure out why REST calls sent from my handheld device (Windows CE / Compact Framework) are not making it to my server app (regular, full-fledged .NET app running on my PC).
The handheld device and the PC are connected - I know that because I can see the handheld device in the PC's Windows Explorer, Windows Mobile Device Center verifies the connection between the two is valid, etc.
I reach the breakpoint on my server app running on my PC when I pass the same REST call via Postman, namely:
http://192.168.125.50:21609/api/inventory/sendXML/duckbill/platypus/poisontoe
...but not when calling the same from the handheld device.
So, I want to see in wireshark just what is being sent from postman, so I can see what to look for when attempting to call the same REST method from the handheld device.
I set up a filter in wireshark, namely "ip.dst == 192.168.125.50
" and get a handful of results when calling the method via Postman, but nowhere do I see "port 21609" which I would expect to. If I saw this, I would know I was looking at the right packet, but...where is it? When I run Postman and make the call, there are four packets captured by Wireshark, and none of them give that as the port number in the "User Datagram Protocol" element.
If the port number is disregarded, how can I determine which packet is the one from Postman?
Yoel had a good idea; I added "Dest port (unresolved)" and "Sourceport" as columns to display.
I then started a new live capture in Wireshark and sent the URL / REST method from Postman.
The breakpoint in the server app was indeed hit. I F5'd through it, and stopped the Wireshark capture.
"21609" is not seen in the Dest Port column anywhere.
Why? How is the URL being sent, and yet Wireshark is not detecting the port to which it was directed?
Also, in the Protocol column in Wireshark, I see no "HTTP" entries.
You can easily find packets once you have captured some packets or have read in a previously saved capture file. Simply select Edit → Find Packet… in the main menu. Wireshark will open a toolbar between the main toolbar and the packet list shown in Figure 6.12, “The “Find Packet” toolbar”.
method == "POST" in the display filter of wireshark to only show POST requests. Click on the packet, then expand the Hypertext Transfer Protocol field. The POST data will be right there on top. If you set the display filter to just HTTP by itself, then you can see GETs and POSTs together.
In Wireshark, you are able to search for strings with "Edit->Find Packet...". I would search from strings such as "email", "mail", etc.
To see the destination port in the packet list, you have to add a column by right clicking in a column header and selecting Column preferences...
. Then click on the +
sign, choose a column title, and put
tcp.dstport
as the Fields
parameter.
You can also directly use the display filter with the expression:
tcp.dstport == 21609
(tested with Wireshark 2.2.0)
The answer is as short as:
tcp.port==53218
First that the new postman port is 53218, second the original Answer is tracking only the requests without the responses. So if you want to track the whole communication - tcp.port==53218 will do it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With