Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why Wireshark display filter does not show http packets?

When I use display filter for HTTP it shows only HTTP packets when HTTP message is on standard port i.e. on port 80. But, when message is not using standard port, then display filter not works for HTTP and I need to filter for TCP and then need to find out HTTP packets manually.

I want to know why this happen? Is it standard behavior or I am doing (or expecting) it wrongly.

Thanks.

like image 950
Pranit Kothari Avatar asked Nov 08 '13 06:11

Pranit Kothari


People also ask

Why is my Wireshark not showing HTTP packets?

If you still haven't captured any relevant HTTP traffic, then maybe you were capturing on the wrong interface, or maybe the traffic wasn't HTTP at all but HTTPS, in which case you will have to look for the relevant TCP connection carrying the encrypted SSL (TLS) traffic instead of the unencrypted HTTP traffic.

How do you filter HTTP packets in Wireshark?

Observe the traffic captured in the top Wireshark packet list pane. To view only HTTP traffic, type http (lower case) in the Filter box and press Enter. Select the first HTTP packet labeled GET /. Observe the destination IP address.

How do I filter HTTP response code in Wireshark?

To see the HTTP packets only, enter “HTTP” in the “Filter” text field towards the top-left. Then, under the main menu, click on the start icon (the first icon) to start capturing packets. Refresh the page. Once Wireshark displays the HTTP packets for your website request, stop the capture by clicking on the stop icon.


1 Answers

I had to enable the HTTP protocol by doing the following:

"Analyze -> Enabled Protocols"

This solution was for version 1.12.2 (and disabled by default in version 2.0.2) but should work for any variant of version 1 and 2.

like image 62
War Gravy Avatar answered Sep 20 '22 05:09

War Gravy