2

I am trying to understand CouchDB network traffic with Wireshark and find it very difficult.

A simple transaction with plain-text content seems to result in many lines in Wireshark, most of them being not more than unparsed binary data:

```
44270 > terabase [PSH ACK] Seq=1411 Ack=2369 Win=16195 Len=27 [...]
00:00:00:1b:00:00:2a:6b:00:10:03:00:00:00:00:00:00:00:1c:00:00:00:00:03:21:00:1e
```

Packet data is decoded up to the TCP level, but not at the CouchDB level.

Is there any Wireshark plugin to understand CouchDB traffic?

Nicolas Raoul

1 Answer

3

CouchDB traffic is just HTTP traffic to a JSON API; even if Wireshark doesn't catch the fact that it's HTTP, the traffic should still be really quite readable.

A TCP ACK packet (the one pasted in your question) is never going to be terribly enlightening, though; you're interested in the data within the TCP connection. Try right-clicking one of the packets and "Follow TCP stream" - a window will come up with all of the data from the connection, color-coded by request and response.

Shane Madden
  • 2
    +1. What I do is go into the Wireshark config in the http protocol, and add `5984` in the list of ports. Then Wireshark will provide further parsing, showing HTTP verbs, responses, etc. – jhs Feb 07 '12 at 11:00
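
Added example (not part of the original thread): a Python sketch of the check an analyst makes on a reassembled TCP payload, as with "Follow TCP stream", deciding whether it is HTTP text and, if so, pulling out the start line and JSON body. The request and response bytes, the database and document names, and the helper names are constructed for illustration; the hex string is the payload pasted in the question, and the parser assumes `Content-Length` framing (no chunked encoding).

```python
import json

# Methods CouchDB's HTTP API accepts (COPY is a CouchDB extension).
METHODS = {b"GET", b"HEAD", b"PUT", b"POST", b"DELETE", b"COPY", b"OPTIONS"}

def looks_like_http(payload: bytes) -> bool:
    """True if a TCP payload begins with an HTTP/1.x request or status line."""
    first = payload.split(b"\r\n", 1)[0]
    if first.startswith(b"HTTP/1."):
        return True
    parts = first.split(b" ")
    return len(parts) == 3 and parts[0] in METHODS and parts[2].startswith(b"HTTP/1.")

def parse_message(payload: bytes) -> dict:
    """Split one HTTP message into start line, headers and decoded JSON body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    body = body[:int(headers.get("content-length", 0))]
    is_json = "json" in headers.get("content-type", "")
    return {"start": lines[0], "headers": headers,
            "json": json.loads(body) if body and is_json else None}

def _msg(start: str, body: bytes) -> bytes:
    """Build a constructed HTTP message with a correct Content-Length."""
    return (f"{start}\r\nContent-Type: application/json\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body

# Constructed sample stream (hypothetical database and document names).
SAMPLE_REQUEST = _msg("PUT /demo/doc1 HTTP/1.1", b'{"name": "test"}')
SAMPLE_RESPONSE = _msg("HTTP/1.1 201 Created", b'{"ok": true, "id": "doc1"}')
# The 27-byte payload pasted in the question.
QUESTION_PAYLOAD = bytes.fromhex(
    "00:00:00:1b:00:00:2a:6b:00:10:03:00:00:00:00:00:00:00:1c"
    ":00:00:00:00:03:21:00:1e".replace(":", ""))

if __name__ == "__main__":
    for name, data in [("request", SAMPLE_REQUEST), ("response", SAMPLE_RESPONSE),
                       ("question payload", QUESTION_PAYLOAD)]:
        if looks_like_http(data):
            msg = parse_message(data)
            print(name, "->", msg["start"], msg["json"])
        else:
            print(name, "-> not HTTP text:", data[:8].hex(":"))
```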