I ran wireshark for a while and opened a few webpages now my class assignment is asking me to find out the number of http and https connections established. Can you suggest commands or filters to find these out?
Asked
Active
Viewed 1,062 times
1 Answers
1
HTTP is connection-less, that means client and server knows about each other during current request and response only. You can open the .pcapng file and then
- Click on “Statistics”
- Select “HTTP”
- Select “Packet Counter“
In my case, I can 14 requests and 14 responses. (Success 2xx).
Prasad 14723312
- 539
- 1
- 3
- 14
-
Thank you so much for clearing this up. Can you explain how the same could be done for HTTPS because in statistics I can only see HTTP and HTTP2 – Szr Feb 04 '21 at 07:41
-
You can get client hello : "ssl.handshake.type == 1" – Prasad 14723312 Feb 08 '21 at 13:17
-
You can get server hello : "ssl.handshake.type == 2" – Prasad 14723312 Feb 08 '21 at 13:18
-
Complete list is available on https://davidwzhang.com/2018/03/16/wireshark-filter-for-ssl-traffic/ – Prasad 14723312 Feb 08 '21 at 13:18
-
For TLS/SSL Handshake detail analysis in Wireshark, Refer : https://render-prd-trops.events.ibm.com/support/pages/sites/default/files/inline-files/$FILE/SSL_handshake_analysis.pdf – Prasad 14723312 Feb 08 '21 at 13:20