How to get all of the http sessions related to one web page?

how to get all of the htttp session related to one web page?

Unfortunately that's not easy as HTTP is a stateless protocol and there is no way to relate several HTTP requests with one "web page" (what you see in the browser).

Take a look at http://www.nbc.com There is a lot of content from other pages (adclick, twitter, etc.) linked into that page. Your browser first loads the main page (www.nbc.com) and then follows all links in the HTML document. So, for the browser it is easy to get it all together.

Wireshark however captures only single (unrelated) requests and responses. So, it's hard to figure out if a request belongs to one page or another (if it's the same server)

Imagine you load two different pages on the same webserver in parallel (two browser windows). The browsers knwo what they requested and what to show. Wireshark sees only requests and responses from the same IP addresses and cannot distinguish if they came from one browser window or the other. So it's nearly impossible to get all "sessions related to one page".

So, what can you do:

• Filter on the IP address of the target server (ip.addr eq x.x.x.x). This will at least give you all requests and responses from one server. However, these could be from different pages ("sessions") on the server (see two browser sample above)
• Try to find a SESSIONID in the first request (a Cookie, JSESSIONID, PHPSESSIONID) and try to filter on that
• Write your own TAP that does a more thorough HTTP inspection. Then you can parse the HTML code and figure out all links in the page. Then, if you see a request to one of those links within a short period of time it's kind of likely that these requests belong to the same "session", although there is no guarantee.

Regards
Kurt