I recently installed xampp (Apache Friend) on my laptop and I wanted to capture GET requests made by my browser. I installed Wireshark, but cannot see how to configure it to do what I want. It lists 4 interfaces, and I tried each one. The 'interfaces' shows 4 choices, and I tried each one.

asked 29 Mar '13, 07:52 AndyS01
One Answer:
You don't say what your OS is, but if it's Windows then Wireshark can't capture requests made to the local machine, that is, if you run the browser on the same machine as the web server. This is because the MS network stack recognises that the packet is local so "short-circuits" the packet and the WinPcap driver that Wireshark uses to capture doesn't see the packet. If your OS is not Windows, then capturing on the loopback adaptor should do the trick.

answered 29 Mar '13, 08:34 grahamb ♦ edited 29 Mar '13, 12:35
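The answer above turns on whether the web server's address belongs to the same machine as the browser. The following is an added example, not code from this thread: a pre-capture check that resolves a URL's host and reports which of its addresses this host owns. The function names and the bind-probe technique are choices made for this illustration.

```python
import socket
from urllib.parse import urlsplit


def local_destinations(url):
    """Map each address the URL's host resolves to -> True if this host owns it.

    The probe binds a UDP socket to the address on an ephemeral port. The OS
    accepts the bind only for loopback or interface addresses; nothing is sent.
    Assumption: the OS is not configured to allow non-local binds.
    """
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host part: %r" % url)
    owned = {}
    for family, socktype, proto, _, sockaddr in socket.getaddrinfo(
            host, 0, type=socket.SOCK_DGRAM):
        try:
            with socket.socket(family, socktype, proto) as probe:
                probe.bind(sockaddr)
            owned[sockaddr[0]] = True
        except OSError:
            # Address not assigned to this machine (or family unsupported).
            owned[sockaddr[0]] = False
    return owned


def stays_on_host(url):
    """True if the request would go to an address of this same machine,
    the case in which the answer says WinPcap on Windows sees no packets."""
    return any(local_destinations(url).values())


if __name__ == "__main__":
    # Constructed sample URLs: loopback, and a documentation-range address
    # (192.0.2.0/24) that is not assigned to any real interface.
    for sample in ("http://127.0.0.1/test.html", "http://192.0.2.10/test.html"):
        verdict = "local to this host" if stays_on_host(sample) else "goes out on the wire"
        print(sample, "->", verdict)
```

Running it with the server's own IP address in the URL shows the same "local" verdict as `127.0.0.1`, which is why changing the ServerName away from localhost does not make the traffic visible.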
I'm running Windows 7 (32 bit)
When my browser (Opera) is running on the local machine, it still does GET requests, though.
Because I can see the Apache php/perl stuff, perhaps I could modify the handler for multipart packet transfers to fire off a log message with details about the packet. I looked around and I saw that there were dozens of php and perl code that reference 'multipart'. Perhaps I could modify one of those?
The browser/web server combination on the same machine will work without issues, but Wireshark won't be able to capture the traffic.
Network Monitor from MS might be able to capture the traffic and Wireshark can open the NM capture files.
@AndyS01
I converted your first "answer" to a comment as that's how this site works, it's not a forum, please see the FAQ for more info.
As your second "answer" was a duplicate of the converted comment I've deleted it.
Can you clarify your subsequent question and how it refers to Wireshark as Wireshark only handles network traffic, not log files?
I'm sorry, I got off track a bit. I still need to capture network traffic generated by the Apache server that's running under xampp. My xampp httpd.conf file is configured to a servername of <myipaddress> (instead of localhost), and my browser address is something like this: "http://<myipaddress>/test.html". The test.html code gets a filename and uploads it using 'enctype="multipart/form-data"'. I expect to see several HTTP GET requests, but Wireshark does not capture them. In Wireshark, I selected all 4 interfaces.
As I mentioned in my reply, the issue is not with the xampp stack or configuration, but with the Windows network stack and WinPcap.
On Windows, packets addressed to the local host (whether that is localhost or an IP that the host has) aren't captured by WinPcap.
See the Wiki page on Loopback Capturing for more info and a number of ways that may allow you to capture the traffic you want.
The two easiest ways I know of to capture the traffic you want are: