Why do I have so many HTTP packets in Wireshark when I'm not doing anything?

2

Is it normal that I have a huge amount of HTTP packets every second in Wireshark, even if I am not doing anything?

I would like to analyse some packets related to one website in particular, but how can I do this when there's such a large number of packets in Wireshark?

Jugo

Posted 2011-09-04T20:37:43.417

Have a look at capture filters - http://wiki.wireshark.org/CaptureFilters

– arunkumar – 2011-09-04T20:42:06.920

1 Your network adapter is doing all sorts of coordination on a network that you don't see, and that doesn't require interaction. You will need to apply a filter to Wireshark for HTTP traffic to make any sense of it. – vcsjones – 2011-09-04T20:42:52.827

Probably find the website's IP and filter to just packets with that source or dest IP. – barlop – 2011-09-05T02:24:21.887

Answers

1

Are you filtering Wireshark to HTTP packets only? Wireshark will pick up all network traffic of any sort. If you just want to look at requests for one site, then Fiddler is probably a better tool, as it is geared towards looking at HTTP requests.

kmcc049

Posted 2011-09-04T20:37:43.417

No, I'm supposed to use Wireshark only, and could you please give me an example of a good filter expression which can solve my problem? – None – 2011-09-04T20:52:19.740

1

If you're really not doing anything, you might be seeing traffic that is neither from nor to your machine.

You can prevent this by turning off 'promiscuous mode'.

Arnout Engelen

Posted 2011-09-04T20:37:43.417

Reputation: 172

1

A large amount of packets is normal, especially if you're on a busy network and you're in promiscuous mode. To capture packets specifically to or from a certain IP address (your website's, in this case), you would use the capture filter:

host *ip address*

ephilip

Posted 2011-09-04T20:37:43.417

Reputation: 2 694
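
Added example, not part of any post above: a shell helper that builds the `host` capture filter described in the comments and the last answer, covering every address a site resolves to. The function names, port 80, the interface `eth0`, `www.example.com` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Resolve a hostname to its unique IPv4/IPv6 addresses (needs working DNS).
resolve_host() {
    getent ahosts "$1" | awk '{print $1}' | sort -u
}

# Build a capture filter of the form
#   (host A or host B ...) and tcp port PORT
# "host" matches an address as either source or destination.
# Usage: build_capture_filter PORT IP [IP ...]
build_capture_filter() {
    bcf_port="$1"; shift
    case "$bcf_port" in
        ""|*[!0-9]*) echo "invalid port: $bcf_port" >&2; return 2 ;;
    esac
    bcf_expr=""
    for bcf_ip in "$@"; do
        # Accept only characters that occur in IPv4/IPv6 literals, so
        # nothing else can end up inside the filter string.
        case "$bcf_ip" in
            ""|*[!0-9A-Fa-f.:]*)
                echo "skipping invalid address: $bcf_ip" >&2
                continue ;;
        esac
        bcf_expr="${bcf_expr:+$bcf_expr or }host $bcf_ip"
    done
    # No usable address: fail instead of emitting a filter that matches everything.
    [ -n "$bcf_expr" ] || return 1
    printf '(%s) and tcp port %s\n' "$bcf_expr" "$bcf_port"
}

# Constructed sample addresses (documentation ranges), so this runs offline.
# With DNS available: build_capture_filter 80 $(resolve_host www.example.com)
filter=$(build_capture_filter 80 192.0.2.10 2001:db8::10)
echo "capture filter: $filter"

# Capturing needs privileges, so it is shown but not run here.
# -f sets the capture filter; -p turns off promiscuous mode:
#   tshark -i eth0 -p -f "$filter"
```

The same string can be pasted into the capture filter field of Wireshark's capture options dialog.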