This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark not recognizing port 8888 HTTP traffic as HTTP

0

Hello,

I can't capture http localhost traffic under Ubuntu: it does not display anything.

It works with wlan0 but not with loopback 127.0.0.1. I probably missed something but can't figure out what.

Could someone helps? Thanks

PS: I can see the localhost http traffic under Chromium developer's tool network tab.

asked 07 Jul '12, 05:35

Grangousier's gravatar image

Grangousier
6113
accept rate: 0%

edited 08 Jul '12, 11:43

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

So you're connecting from an HTTP client (such as a Web browser) on your machine to an HTTP server on your machine, and you're not seeing any traffic even though the HTTP client is fetching stuff from the server?

What version of the kernel is your Ubuntu machine running (uname -r)?

(07 Jul '12, 15:01) Guy Harris ♦♦

it does not display anything.

what does it display?

(07 Jul '12, 16:11) Kurt Knochner ♦

Yes I have a local jetty server that runs my application and I connect to it using chromium but no http traffic is displayed by wireshark, whereas several http requests and responses are exchanged between the client and the server.

My ubuntu kernel version is 2.6.38-15-generic-pae. It's an old version but I fought so much to get Ubuntu run on my sony vaio one year ago (lots of problems with graphic support) that I hesitate to upgrade it.

(08 Jul '12, 01:48) Grangousier

what is the ubuntu release (lsb_release -a)?
How did you access the local server? 127.0.0.1 or the interface IP?
Did you set a capture filter?
Do you see the traffic if you capture with tcpdump?

(08 Jul '12, 02:05) Kurt Knochner ♦

Kurt, When I said "it does not display anything" I actually meant it does not display any "http" traffic but "tcp" traffic is displayed with source and destination address being 127.0.0.1.

(08 Jul '12, 02:11) Grangousier

tcp traffic on which port?

(08 Jul '12, 02:37) Kurt Knochner ♦

what is the ubuntu release (lsb_release -a)? 11.04

Did you set a capture filter? No capture filter

Do you see the traffic if you capture with tcpdump? Yes. I also see the tcp traffic with wireshark.

How did you access the local server? 127.0.0.1 or the interface IP? I don't understand what you mean by "access with interface IP"! I access it using a web browser where I enter my url "http://127.0.0.1:8888/"

(08 Jul '12, 03:08) Grangousier
showing 5 of 7 show 2 more comments

One Answer:

2

According to the information you provided so far, I believe your web server runs on a port that is not detected as HTTP by Wireshark. If so,

  • either right click any packet of the communication an select "Decode as" (then select HTTP)
  • or add your application port to the HTTP dissector preferences:

Edit -> Preferences -> Protocols -> HTTP -> TCP Ports

Regards
Kurt

answered 08 Jul '12, 02:53

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Beautiful,

I added the port 8888 and it works now.

Thanks a lot Kurt.

(08 Jul '12, 03:13) Grangousier

@Grangousier: If this is the correct answer than please tick the check mark to indicate so. That's proper Q&A etiquette.

(09 Jul '12, 09:03) Jaap ♦