This is our old Q&A Site. Please post any new questions and answers at

I am somewhat familiar with TCP WireShark, etc. Mediocore I guess. I have a question: Many times I get spam mail from whomever. I am a curious fellow and wonder what the source of it is. Many times I get a link to click on so I can, according the instructions, log in to fix up my userid/password. Yeah, right. I know it's not probably recommended, but I fire up WireShark and try to follow what happens when I click such a link. Most times, there is one conversation that ends with a 320, re-direct. Follow conversation does not seem to follow that. I'm not sure if I'm making sense, but is there any way of following that first request, typicall a GET through it's travels including re-directs to other hosts? That is, I end up seeing the entire flow?

Thanks for any tips suggestions.

asked 17 Feb '14, 11:11

larryralph's gravatar image

accept rate: 0%

Sorry, should have been a '302 Redirect'. I guess I could then follow that redirected conversation, but was wonder if there was some way (a filter?), do that automatically??


(17 Feb '14, 11:16) larryralph

Guess I should have done some searching first. I think I found the answer in this very forum. Here's a link to what I found. I will try the filter technique mentioned:

permanent link

answered 17 Feb '14, 11:55

larryralph's gravatar image

accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 17 Feb '14, 11:11

question was seen: 1,315 times

last updated: 17 Feb '14, 13:31

p​o​w​e​r​e​d by O​S​Q​A