This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Comparing http.request.method==GET and File >Export Objects>HTTP

0

I tried to open a website that is hosted on Port 80.I captured all the packets related to that particular Site.Here,I am seeing a mismatch between no.of GET Requests initiated(Showing 95) vs Object list in File>Export Objects >HTTP(Showing 28) Is this a real discrepancy? I am under the impression that each GET Request is an object and hence both should be same.

asked 06 Mar '13, 19:53

krishnayeddula's gravatar image

krishnayeddula
629354148
accept rate: 6%


One Answer:

1

I am under the impression that each GET Request is an object

Not necessarily:

$ telnet www.wireshark.org 80
Trying 174.137.42.75...
Connected to www.wireshark.org.
Escape character is '^]'.
GET /purplemonkeydishwasher HTTP/1.1
Host: www.wireshark.org

HTTP/1.1 404 Not Found Date: Thu, 07 Mar 2013 03:58:22 GMT Server: Apache/2 Last-Modified: Wed, 06 Mar 2013 23:28:43 GMT Accept-Ranges: bytes Content-Length: 1540 Vary: Accept-Encoding X-Slogan: Sniff free or die. Cache-control: max-age=0, no-cache, no-store Content-Type: text/html

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Oops</title> <style type="text/css">

commented-out CSS style sheet elided

  </style>
</head>
<style type="text/css" media="screen">
@import url("/css/jqui/ui.all.css");
</style>
<body>
<div id="main">
<a href="http://www.wireshark.org/"><img src="/image/wsbadge64.png" alt=""></img></a>
<h1>Oops.</h1>
<div class="clear"></div>
<p>
We couldn't find the file you requested. If you're lost, you might try:
</p>
<ul style="list-style-type: none">
<li><a href="/">The main page</a></li>
<li><a href="/download.html">The download page</a></li>
<li><a href="/docs/">The documentation</a></li>
</ul>
<div class="clear"></div>
<!– Shamelessly stolen from http://www.stevefu.net/hostedstuff/mine/pics/im-in-ur-servr-sniffin-ur-paketz.jpg –>
<img src="/image/im-in-ur-servr-sniffin-ur-paketz.jpg" style="margin-left: auto; margin-right: auto" alt="">
</div>
</body>
</html>

That’s a GET request, but it returned an error; I guess you could argue that the error page is an object, but it’s normally not an object that somebody intended to get.

Did any of the GET requests get a reply code other than 200? For example, did they get errors (4xx or 5xx), or a 304 “Not modified”, or a 302 “Moved temporarily”, or a 301 “Moved permanently”, or…?

answered 06 Mar ‘13, 20:08

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Yes all those missed in Objects got response code 304 Not Modified. Thanks for letting me know the undercurrent behavior.Clearing the browser cache and repeating the test worked.

(06 Mar ‘13, 21:26) krishnayeddula

Ah, yes, good old If-Modified-Since.

(06 Mar ‘13, 21:35) Guy Harris ♦♦