1
Wireshark reassembles TCP Segments. For teaching purposes, I'd like to see the actual packets (not the reassembled TCP Segments) that flow on a network when you access a webpage.
Can I do that with Wireshark? If not, can you suggest a free program that will let me see the basic, fundamental packets?
2
You should disable TCP Reassembly and IP Reassembly in Wireshark. These features change packet bytes. For example IP Reassembly shows IP and TCP headers in the last packet of datagram where as they are in the first packet.
To disable these features:
WiresharkIP Headerand Right Click on itTCP Header and Right Click on itThis changes are saved automatically and are valid in other running of Wireshark
SuB
Posted 2011-08-24T19:55:46.903
Reputation: 706
1
If you want to view only http packets in wireshark
0
This can help you filter out non-HTTP traffic. Then you can simply look at the packets:
6.1. Viewing packets you have captured
Once you have captured some packets, or you have opened a previously saved capture file, you can view the packets that are displayed in the packet list pane by simply clicking on a packet in the packet list pane, which will bring up the selected packet in the tree view and byte view panes.
You can also disable packet reassembling as shown here. Fiddler may also be a good choice if you want to look at HTTP layer.
Dmitry
Posted 2011-08-24T19:55:46.903
Reputation: 101
What if wireshark doesn't show any HTTP packets, just TCP, UDP, ARP and others? – kev – 2015-10-20T00:58:45.497