Installing Wireshark and sniffing http communication on Red Hat

Peter Lorenzen
25/09-2011

We had a situation where we were calling an external Web service that required custom http headers. When our request reached the Web service the customer http headers had disappeared. We did not know if the problem was with the OSB, our Internet proxy or the programmer :-) To find out what was going on I installed the Wireshark sniffer.

Wireshark is part of the standard Red Hat / Oracle Linux Channels so it can most likely be installed directly via yum / up2date.

I installed two packages:

wireshark-gnome-1.0.15-1.el4_8.3
wireshark-1.0.15-1.el4_8.3

The gnome package contains the gui part.

The gui can be started by executing the wireshark command.
To start capturing packages select Capture and then Interfaces. Select the interface you want to capture traffic from by pressing Start.
If you don’t know which interface then select the first one. There is pseudo interface called any that captures from all interfaces but Wireshark crashed when I tried to use it.

ws1
ws2

Now execute the program that will generate the communication you want to capture and then press the stop icon.

ws3
Wireshark have now captured a lot of packages and most of them is probably not interesting, so it is possible to apply a filer.

I wanted only http communication and only calls to our proxy that runs on port 8080:

ws4

So there are only 3 interesting packages. Now it is possible to drill down in the packages and see the content.

ws5

It is possible to export the packages you have filtered to a text file.

ws6

Select Displayed and All packets.

ws7

Leave a Comment

Previous post:

Next post: