40

I want to monitor the websocket traffic (like to see what version of the protocol the client/server is using) for debugging purposes. How would I go about doing this? Wireshark seems too low level for such a task. Suggestions?

Bain Markev
  • FWIW, current versions of Fiddler will show you WebSocket traffic. – EricLaw Jun 23 '12 at 17:50
  • All you need is Chrome. More details over on this thread: http://stackoverflow.com/questions/8952773/chrome-web-inspector-web-socket-debugging/10525328#10525328. – Peter Moskovits Aug 07 '12 at 05:55
  • I posted details about logging WebSocket messages using Chrome and Wireshark at: https://blogs.oracle.com/arungupta/entry/logging_websocket_frames_using_chrome – Arun Gupta Nov 13 '12 at 22:21
  • I think Fiddler is easier to use for debugging WebSocket. I have recently written an article on CodeProject, which shows you how to debug/inspect WebSocket traffic with Fiddler. http://www.codeproject.com/Articles/718660/Debug-Inspect-WebSocket-traffic-with-Fiddler – engineforce Jan 31 '14 at 21:24

4 Answers

32

Wireshark sounds like what you want, actually. There is very little framing or structure to WebSockets after the handshake (so you want low-level), and even if there were, Wireshark would soon (or already) have the ability to parse it and show you the structure.

Personally, I often capture with tcpdump and then parse the data later using Wireshark. This is especially nice when you may not be able to run Wireshark on the device where you want to capture the data (i.e. a headless server). For example:

sudo tcpdump -w /tmp/capture_data -s 8192 port 8000

Alternately, if you have control over the WebSockets server (or proxy), you could always print out the send and receive data. Note that since WebSocket frames start with '\x00', you will want to avoid printing that, since in many languages '\x00' means the end of the string.

kanaka
9

If you're looking for the actual data sent and received, the recent Chrome Canary and Chromium now have a WebSocket message frame inspection feature. You can find details in this thread.

Community
Peter Moskovits
7

I think you should use Wireshark.

Steps

  • Open Wireshark
  • Go to Capture and follow the path below: Capture > Interfaces > start the capture on your appropriate device.
  • Write the rule in the filter: tcp.dstport == your_websocket_port
  • Hit Apply
Dreen
Hitul Mistry
  • You need Wireshark 1.6.5 or greater to see the data in the WebSocket packets, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6843 – r3m0t Nov 07 '12 at 14:54
0

For simple things, Wireshark is too complex; I only wanted to check whether the connection can be established or not. The following Chrome plugin, "Simple Web-socket" (link: https://chrome.google.com/webstore/detail/simple-websocket-client/pfdhoblngboilpfeibdedpjgfnlcodoo?hl=en), works like a charm. See image.

https://lh3.googleusercontent.com/bEHoKg3ijfjaE8-RWTONDBZolc3tP2mLbyWanolCfLmpTHUyYPMSD5I4hKBfi81D2hVpVH_BfQ=w640-h400-e365

Shantu