Mapping HTTP requests to HTTP responses


Solution 1

Seems like this ability is not provided by the HTTP protocol at the application layer so I must go down to the transportation layer to determine this. In my case the TCP/IP layer using sequence numbers.

HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used; the mapping of the HTTP/1.1 request and response structures onto the transport data units of the protocol in question is outside the scope of this specification.

Read more: http://www.faqs.org/rfcs/rfc2616.html#ixzz0e20kxKcz

Solution 2

After you have stopped capturing packets, follow these steps:

  1. Position the cursor on a GET request

  2. Open the Analyze menu

  3. Click "Follow TCP Stream"

You get a new window with requests and responses in sequence.

Solution 3

While I was googling for a completely different question, I saw this one and I think I can provide a more complete answer:

HTTP dictates that responses must arrive in the order they were requested. Therefore, if you are looking at a single TCP connection at a given time you should be seeing:

Request ; Response ; Request ; Response ...

Also, in HTTP/1.1 there is support for "Pipeline", where the client doesn't have to wait for responses to arrive in order to issue the next request. What could be observed in such cases is:

Request ; Response ; Request ; Request ; Response ; Response ; Request ; Response

In the HTTP response itself, there is no reference to the specific request that triggered it.

Filipo's suggestion is classic when debugging / observing a single TCP connection, but when observing multiple TCP connections, you can't click Follow TCP Stream because you'd have to do it for each connection.

If you have many TCP connections and many requests/responses, you will have to look at the TCP source port in the request packet and the TCP dest port in the response packet to know which response is related to each TCP connection, and then apply the HTTP request/response order rules.

Also, Wireshark CAN decompress the response body, and it will do it automatically if all the response body has arrived, but it will do so NOT in the Follow TCP Stream.

I always use Wireshark to debug HTTP.
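The per-connection matching described in Solution 3, as an added example that is not part of the original answers. It assumes each record is the first line of an already reassembled HTTP/1.1 message in capture order; the addresses, ports and the `pair_http` name are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, first line of message),
# in capture order. Client port 50001 pipelines two requests; 50002 is a second connection.
PACKETS = [
    ("10.0.0.5", 50001, "192.0.2.10", 80, "GET /a HTTP/1.1"),
    ("10.0.0.5", 50002, "192.0.2.10", 80, "GET /x HTTP/1.1"),
    ("10.0.0.5", 50001, "192.0.2.10", 80, "GET /b HTTP/1.1"),
    ("192.0.2.10", 80, "10.0.0.5", 50002, "HTTP/1.1 404 Not Found"),
    ("192.0.2.10", 80, "10.0.0.5", 50001, "HTTP/1.1 200 OK"),
    ("192.0.2.10", 80, "10.0.0.5", 50001, "HTTP/1.1 304 Not Modified"),
    ("192.0.2.10", 80, "10.0.0.5", 50001, "HTTP/1.1 200 OK"),  # nothing outstanding
    ("10.0.0.5", 50002, "192.0.2.10", 80, "GET /y HTTP/1.1"),  # never answered
]


def pair_http(packets):
    """Pair requests with responses per TCP connection, first in, first out.

    Returns (pairs, unanswered, orphans), each tagged with the client port:
    pairs      -> (client_port, request_line, status_line)
    unanswered -> (client_port, request_line) with no response in the capture
    orphans    -> (client_port, status_line) with no request outstanding
    """
    pending = defaultdict(deque)  # connection 4-tuple -> requests awaiting a response
    pairs, orphans = [], []
    for src_ip, src_port, dst_ip, dst_port, line in packets:
        if line.startswith("HTTP/"):
            # A response travels server -> client, so reverse the tuple to get
            # the key under which the request was stored.
            key = (dst_ip, dst_port, src_ip, src_port)
            if line.split()[1].startswith("1"):
                continue  # 1xx interim responses do not complete a request
            if pending[key]:
                pairs.append((key[1], pending[key].popleft(), line))
            else:
                orphans.append((key[1], line))
        else:
            pending[(src_ip, src_port, dst_ip, dst_port)].append(line)
    unanswered = [(key[1], req) for key, queue in pending.items() for req in queue]
    return pairs, unanswered, orphans


if __name__ == "__main__":
    for label, rows in zip(("paired", "unanswered", "orphan"), pair_http(PACKETS)):
        for row in rows:
            print(label, *row, sep=" | ")
```

Requests left in `unanswered` and responses in `orphans` are the cases worth inspecting by hand, since they mean the capture is incomplete or the ordering assumption did not hold.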

Solution 4

Don't use Wireshark to debug HTTP; use an HTTP debugger such as Fiddler2.

Author by

Derek Litz

Bachelor of Science in Computer Science from the University of Minnesota

Updated on July 22, 2022

Comments

  • Derek Litz over 1 year

    If I make multiple HTTP GET requests to the same server and get HTTP 200 OK responses to each one, how do I tell which request maps to which response using Wireshark?

    Currently it looks like an HTTP request is made, and the next HTTP 200 OK response is quickly received, so everything is in the proper sequence. I have seen things to the contrary however. For example, using the Google Maps API v2 I've made several requests for location information and then the information is received in an arbitrary order (closely resembling the order in which I requested it, but not necessarily perfect).

    So my intuition is I cannot assume that my responses will be received in a specific order, even though they may be in order most of the time. So I'm wondering how I can determine this order from the response.

    Update: Clarification as to what I need. I just need to know that the server has received the request. It seems like I need to do this by looking at sequence numbers and perhaps even ACKS. The reasoning behind this approach is I'm basically observing a web app and checking it is sending the information and the information is being received.

    Update: This has nothing to do with Wireshark specifically. I believe it is confusing people, so I am removing it from the title. It has to do with the HTTP protocol on top of the TCP/IP protocol and how we map responses to requests.

    Thanks.