Wireshark-users: Re: [Wireshark-users] How to let wireshark capture one application packets
      
      
Won't this miss the DNS queries, for example?
 
Frank
Sorry - this is an extremely convoluted way around this issue of how to let Wireshark capture just one application's packets.

If you have 2 PCs available you can run Wireshark on PC1 with Firefox or any other WININET-based browser. On PC2 you will install Fiddler2 (http://www.fiddler2.com/fiddler2/), a free, but Microsoft copyrighted program.

You will have to adjust the Internet connection settings on Firefox: TOOLS-OPTIONS-ADVANCED-NETWORK-SETTINGS-MANUAL PROXY CONFIGURATION.

Your configuration will contain the IP address of PC2 for HTTP and SSL requests and port 8888 for both.

What you will end up with is PC1 sending stuff over port 8888 (Fiddler's default) or whatever port you want. PC2 will intercept this traffic and send it on using the correct ports.

If you just want the upper layers of information, then this issue becomes a lot simpler. You can dispense with Wireshark and PC2 and just use Fiddler2's capture. It can give you clear text even if your session is SSL/TLS.

Gary
 