This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Some stats questions

0

I'm trying to do the following but having some problems. Could someone give me some hints:

  • How do I graph the total number of HTTP 200 response codes compared to HTTP 500 response codes in the trace?
  • Same as above, but only if those responses were for GET requests? Actually, is there a way to display complete streams in the trace which had a GET request?
  • In the stats IO graphs, can it filter a particular TCP stream? What I see is that it applies to the whole trace.

Thank you

asked 29 Jun '13, 01:13

brumik

One Answer:

0

For the questions in your first bullet point, for one line in the IO graph, use the following display filter to catch all response codes in the 5xx range:

http.response.code >499 && http.response.code < 600

Then for a second line, apply this to get all 200-range codes:

http.response.code >199 && http.response.code < 300

For your second bullet point, take the above display filters, contain them within brackets and add a "&&" followed by whatever else you want to use to uniquely identify one type of server response compared to others. It's really quite flexible.

For the third bullet point, you can filter on TCP streams by adding the filter statement " && tcp.stream==x" where "x" is the stream number for that particular stream. Again, you can combine display filters in that IO graph in an and/or fashion to filter on just what you want it to display.

answered 29 Jun '13, 15:19

Quadratic

Thanks for the response. The IO graphs work on the streams as you mentioned. I realized that I was not seeing anything because I had to unselect the default graph1, otherwise the scale is wrong. I also wanted just a summary count of the total responses in the trace. In the HTTP packet counter feature I see similar stats, but they cannot be customized for GET requests only.

I think it may be a bit tricky to filter on the response but only if the request for that response was a GET packet, as it would require checking whether the previous request packet in the stream was a GET request (as opposed to a POST or other HTTP request method). Not sure if there is another feature/method to do this. Perhaps another way would be to remove all TCP streams/sessions which do not have the HTTP GET method; can you do this in Wireshark?

(30 Jun '13, 00:04) brumik
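
An added example, not part of the original thread: one way to get the summary counts and the "streams that had a GET" filter discussed above is to export fields with tshark and correlate each response with its request offline. It assumes the `http.request_in` field (the frame number of the matching request, which Wireshark records on responses and which the thread does not mention), one HTTP message per frame, and a hypothetical capture name `trace.pcap`; the sample rows are constructed.

```python
from collections import Counter

# Constructed sample of the tab-separated output of (one HTTP message per frame):
#   tshark -r trace.pcap -Y http -T fields -e frame.number -e tcp.stream \
#     -e http.request.method -e http.response.code -e http.request_in
SAMPLE = (
    "4\t0\tGET\t\t\n"      # request
    "6\t0\t\t200\t4\n"     # response to frame 4
    "12\t1\tPOST\t\t\n"
    "15\t1\t\t500\t12\n"
    "20\t0\tGET\t\t\n"
    "23\t0\t\t503\t20\n"
    "30\t2\tGET\t\t\n"
    "33\t2\t\t204\t30\n"
    "40\t3\t\t200\t\n"     # response whose request is not in the capture
)

def parse(tsv_text):
    """Yield (frame, stream, method, code, request_in) for each well-formed row."""
    for line in tsv_text.splitlines():
        fields = line.split("\t")
        if len(fields) == 5:
            yield tuple(fields)

def count_by_class(tsv_text, method="GET", stream=None):
    """Count responses per status class (2xx, 5xx, ...) whose request used `method`."""
    rows = list(parse(tsv_text))
    methods = {frame: m for frame, _, m, _, _ in rows if m}  # request frame -> method
    counts = Counter()
    for _, strm, _, code, request_in in rows:
        if not code or (stream is not None and strm != str(stream)):
            continue
        if methods.get(request_in) == method:  # unmatched responses are skipped
            counts[code[0] + "xx"] += 1
    return counts

def streams_with_method(tsv_text, method="GET"):
    """Build a display filter selecting every TCP stream that carried `method`."""
    streams = {int(s) for _, s, m, _, _ in parse(tsv_text) if m == method}
    return " || ".join(f"tcp.stream=={s}" for s in sorted(streams))

if __name__ == "__main__":
    print(count_by_class(SAMPLE))
    print(count_by_class(SAMPLE, stream=0))
    print(streams_with_method(SAMPLE))
```

The string returned by `streams_with_method` can be pasted into the display filter bar or an IO graph line to show only the complete streams that contained a GET.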