Importing Packet Captures pcap / netmon


ReinR

Feb 5, 2014, 10:36:02 AM
to httpf...@googlegroups.com
Hello,

For quite a while I've been trying to import captured network traffic created by the Wireshark tools dumpcap.exe or tshark.exe.
My problem is that many captured requests/sessions are marked red in Fiddler (not all), where the Result column says "0" and the response is always empty (the Inspector says "HTTP/1.1 0 FIDDLER GENERATED - RESPONSE DATA WAS MISSING").
So what is wrong with my capture?
The strange thing is that when doing all this on my dev machine it works properly, so for every request the corresponding response is there; only doing a capture on the production machine with the same tools causes problems.
After import, the log complains about many "!Incomplete Stream"s, but these entries are also there in the successful capture on my dev machine.
I already tried to convert the dump files to different formats like pcap and netmon, with no success.
I also tried other tools like Microsoft Network Monitor; with this the same problems already arise on my dev machine.

So any ideas how to do proper network captures for Fiddler?

Thanks!

EricLaw

Feb 5, 2014, 12:04:15 PM
to httpf...@googlegroups.com
Howdy, ReinR-- Thanks for the note.

First question: What's the build number of Fiddler that you're using? (Help > About)
Second question: Can you share one or more .CAP files demonstrating this problem with me? (Help > Send Feedback)

Some .CAP-generating tools will only show outbound network traffic and will not (by default) capture inbound responses. If you generate a CAP using such a tool, you'll only see the requests and not the responses.

Also, keep in mind that your capture should begin as early as possible; if you miss the start of the connection in the capture, Fiddler may not see traffic on that connection.

thanks,

-Eric
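
The two capture problems described in the reply above (a capture holding only one direction, or one that starts after the connection was opened) can be checked before importing. The following is an added example, not part of the original thread and not Fiddler's import logic: a standard-library Python audit of a classic Ethernet pcap, where `audit_pcap`, `frame`, the addresses and `SAMPLE` are constructed for illustration.

```python
import struct
from collections import defaultdict

def audit_pcap(data):
    """Map each TCP connection in a classic Ethernet pcap to a list of capture gaps."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("unsupported magic (only microsecond pcap is parsed here)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    conns = defaultdict(lambda: {"syn": False, "senders": set()})
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4
        tcp = pkt[14 + ihl:14 + struct.unpack("!H", pkt[16:18])[0]]
        if len(tcp) < 20:
            continue  # TCP header cut off by the snap length
        src = (".".join(map(str, pkt[26:30])), struct.unpack("!H", tcp[0:2])[0])
        dst = (".".join(map(str, pkt[30:34])), struct.unpack("!H", tcp[2:4])[0])
        conn = conns[tuple(sorted((src, dst)))]
        if tcp[13] & 0x12 == 0x02:  # SYN without ACK marks the start of a connection
            conn["syn"] = True
        if len(tcp) > (tcp[12] >> 4) * 4:  # segment carries payload bytes
            conn["senders"].add(src)
    report = {}
    for key, conn in conns.items():
        gaps = [] if conn["syn"] else ["no SYN: capture began mid-connection"]
        if len(conn["senders"]) == 1:
            gaps.append("payload in one direction only")
        report[key] = gaps
    return report

def frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed pcap record: Ethernet + IPv4 + TCP, checksums left as zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    raw = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(raw), len(raw)) + raw
C, S = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])  # constructed client and server
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    frame(C, S, 50001, 80, 0x02), frame(S, C, 80, 50001, 0x12),  # handshake captured
    frame(C, S, 50001, 80, 0x18, b"GET / HTTP/1.1\r\n\r\n"),
    frame(S, C, 80, 50001, 0x18, b"HTTP/1.1 200 OK\r\n\r\n"),
    frame(C, S, 50002, 80, 0x18, b"GET /a HTTP/1.1\r\n\r\n"),  # no SYN, no response
])
```

Connections reported with an empty list have both the opening SYN and payload from both endpoints in the file; any other entry names what the capture is missing for that connection.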


ReinR

Feb 7, 2014, 3:42:44 AM
to httpf...@googlegroups.com
Hi Eric,

Thank you for your response!

I'm using Fiddler 4.4.5.9, seems to be the most recent.
Just sent you a .cap file demonstrating the problem.
I don't think I'm only capturing outbound traffic, because only some sessions don't contain a response (often the important one); most of them do. You should see this when using the .cap file. Besides, Wireshark is showing outbound and inbound traffic.

I don't understand what you mean by "start of the connection". In my case I'm trying to capture on a production machine, so I'm starting the capture on a certain application which is already running, so there is no "as early as possible".

thanks,

ReinR

ReinR

Feb 20, 2014, 10:23:17 AM
to httpf...@googlegroups.com
Hi Eric,

I just realized that the time imported in e.g. "ClientBeginRequest" is not the time which was captured with Wireshark. The times differed by exactly 1 hour, which seems to be the time zone shift. Are you doing some time zone conversions when reading the dump file?

Thanks!

EricLaw

Feb 21, 2014, 6:30:11 AM
to httpf...@googlegroups.com
At present, the import doesn't attempt to use TimeZone information.