How to filter for HTTP 500 responses and their requests in Wireshark?
I believe you will have to put a capture filter for all HTTP traffic, and then put in a display filter for the http.response.code == 500
After you have found a response code, remove the display filter and then use the Follow TCP Stream -or- the Conversation Filter to find the related packets...
Related videos on Youtube
Martin
Updated on September 17, 2022Comments
-
Martin over 1 year
How do I filter for HTTP 500 responses and their requests in Wireshark?
I'm able to use
http.response.code == 500
to find all the responses which got the return code 500 but I want to be able to see the requests of those responses, too.Update: I want to do this automatically so that I can set up a tshark.exe instance to record one day and only save the interesting HTTP traffic (there is a WEBDAV running on the same server with a lot of traffic that does not interest me).
Second Update: Since I mainly wanted to record messages that were sent to a WebService and not the WEBDAV, I used
http.content_type contains "text/xml"
to filter for xml based messages. This is not 100% what I was looking for but generates small enough logs for further debugging. -
Martin about 14 years@Scott Lundberg thanks for the hint but I need to do this automatically which I suppose is not possible with your solution
-
Martin about 14 yearsyes, some kind of a trigger would have been nice. Or may be a filter based on conversations and not packages. So that I could filter for every conversation containing an HTTP 500.