Wireshark Quick Tip – Viewing HTTP Requests
Wireshark is a great way to monitor Internet traffic when the need arises. In situations where some type of proxy server isn’t in place to monitor Internet traffic, Wireshark is a great substitute. Whether you capture the target computers traffic via port mirroring or ARP cache poisoning, Wireshark has a simple interface you can use to view the HTTP traffic going across the wire. In order to do this, capture the appropriate traffic and select Statistics from the drop down menu, select HTTP, and choose the Requests option. You will be presented with the option to filter the traffic. Once you create a filter if you choose to, click the Create Stat button and you will see a window like the one below that will give you a breakdown of the HTTP requests captures on the wire.
One important note…make sure that when you are capturing this traffic you filter out any HTTP requests that may be occurring on your analysis computer. Although you may not be browsing to the Internet interactively, that’s not to say your computer is generating HTTP requests due to Antivirus updates, Windows updates, etc.
