Using Wireshark to only capture the traffic between my computer and a specific host

2

I'm a .NET developer who's used to using Fiddler. I'm trying to just see the traffic between a web service running on my local machine and a specific web service. When I hit this web service from an ASP.NET website running in Visual Studio I can see the traffic in Fiddler.

I'm trying to hit the same web service from a Java application and for some reason the traffic doesn't show up in Fiddler, even though I have filters turned off and I have exempt all set in WinConfig.

I figured that my Java application and my web service would probably show up in Wireshark so I decided to give that a try. When I run Wireshark it seems like it's showing me all kinds of traffic. I tried adding a capture filter

http.host contains "mywebservicefullyqualifiedhostname"

But I keep seeing traffic going to many different IP addresses. I used nslookup to check into some of these IP addresses and none of them are my web service.

I removed the https.host contains filter and added these two capture filters:

src host 1.2.3.4
host 4.3.2.1

Where src 1.2.3.4 is my IP address and 4.3.2.1 is the IP address I'm connecting to, but it's still showing bunches of other IP addresses when I start capturing traffic in Wireshark.

Is there any way to add a host name to the columns in Wireshark? Are the capture filters in Wireshark a list of things to exclude? Looking at the default capture filters in Wireshark it doesn't appear so, e.g.

not port 80 and not port 25 and host www.wireshark.org

Eric

Posted 2018-08-31T14:50:25.510

Reputation: 903

Answers

2

Your capture filter should look something like this (make sure to select the appropriate interface). Does it?

[Image: capture]

Junkiebev

Posted 2018-08-31T14:50:25.510

Reputation: 361

That seemed to work. I was entering my capture filters via Capture -> Capture Filters and then hitting the plus button and entering a name and filter. Any idea why that doesn't work? – Eric – 2018-08-31T17:07:46.060

In my experience, Wireshark filters are really fickle from a formatting perspective. I sometimes have to slam my head against them for some time until I get them to work as expected. ¯_(ツ)_/¯ – Junkiebev – 2018-08-31T17:29:53.440
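
An added illustration, not part of the original posts: a small Python model of pcap-style capture-filter matching, run over constructed packets, showing that a capture filter keeps only the packets matching its expression and what each of the filters quoted in the question would keep. It models only `host`, `port`, `src`/`dst`, `not`, `and` and `or` with numeric addresses, following the pcap-filter precedence rules (negation binds tightest; `and`/`or` have equal precedence, left to right); the `Packet` type, function names and sample traffic are assumptions made for the example.

```python
# Added example: a tiny model of pcap-style capture-filter matching.
# Supports only: [src|dst] host <ip>, [src|dst] port <n>, not, and, or.
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport")

def _primitive(tokens, i):
    """Parse one (possibly negated) primitive; return (predicate, next_index)."""
    negate = False
    while tokens[i] == "not":              # negation has the highest precedence
        negate, i = not negate, i + 1
    direction = None
    if tokens[i] in ("src", "dst"):
        direction, i = tokens[i], i + 1
    kind, value = tokens[i], tokens[i + 1]
    if kind == "host":                     # no direction: source OR destination
        fields = {"src": ("src",), "dst": ("dst",), None: ("src", "dst")}[direction]
    elif kind == "port":
        fields = {"src": ("sport",), "dst": ("dport",), None: ("sport", "dport")}[direction]
        value = int(value)
    else:
        raise ValueError(f"unsupported primitive: {kind}")
    match = lambda p: any(getattr(p, f) == value for f in fields)
    pred = (lambda p: not match(p)) if negate else match
    return pred, i + 2

def _join(op, a, b):
    return (lambda p: a(p) and b(p)) if op == "and" else (lambda p: a(p) or b(p))

def compile_filter(expr):
    """Compile a filter string into a function Packet -> bool."""
    tokens = expr.split()
    pred, i = _primitive(tokens, 0)
    while i < len(tokens):                 # and/or: equal precedence, left to right
        op = tokens[i]
        if op not in ("and", "or"):
            raise ValueError(f"expected and/or, got: {op}")
        rhs, i = _primitive(tokens, i + 1)
        pred = _join(op, pred, rhs)
    return pred

def captured(expr, packets):
    """Return the packets a capture using this filter would keep."""
    keep = compile_filter(expr)
    return [p for p in packets if keep(p)]

# Constructed traffic: 1.2.3.4 is the local machine, 4.3.2.1 the web service.
PACKETS = [
    Packet("1.2.3.4", "4.3.2.1", 50000, 443),  # request to the service
    Packet("4.3.2.1", "1.2.3.4", 443, 50000),  # reply from the service
    Packet("1.2.3.4", "9.9.9.9", 50001, 53),   # unrelated outbound traffic
    Packet("8.8.4.4", "1.2.3.4", 80, 50002),   # unrelated inbound traffic
]
```

In this model `src host 1.2.3.4` on its own still keeps the packet to 9.9.9.9, while `host 4.3.2.1` keeps both directions of the one conversation.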