Working with HTTP Packets

Document created by Chris Sommerstad Employee on Jul 19, 2017
Version 1Show Document
  • View in full screen mode

To work with an HTTP packet, locate and open the packet-level recording in Central > HTTP Message Recordings.

When the Show/Hide Packets icon is visible it functions as a toggle. Click it to turn packet display on or off.

When packets are shown, the relationship between the highlighted message and the corresponding packets is shown. The packets that correspond are highlighted in blue. Similarly, if you click any given packet, the corresponding message will be highlighted. Some packets do not correspond to any message and thus will not cause a message to be highlighted.

To view detailed information about a packet, click the icon for the packet. Detailed information about that packet will appear in the lower right hand portion of the recording screen. 

Packet detail is presented as follows:

  1. Ethernet detail
  2. Internet Protocol (IP) detail
  3. Transmission Control Protocol (TCP) detail
  4. Packet content

Each packet consists of a set of headers for the various communication layers involved in the proper delivery of messages. Typically, the communication layers for HTTP consist of a network layer (Ethernet) and the TCP/IP layers. Within the protocol layers is the actual content of the packet, sometimes referred to as the payload.

The information from the Ethernet portion of the packet is summarized in the following table.


The network destination address


The network source address


The encapsulated protocol (ie the next layer). In this case, Internet Protocol (IP)


Checksum. In this case the checksum was not provided.

The information from the Internet Protocol layer is displayed as in the following example:

The information from the Internet Protocol (IP) portion of the packet is summarized in the following table.


The version of Internet Protocol (IP) used. In this case, version 4


The length of the IP header in 4 byte increments


Flags used in IP routing


Total length of the IP packet. Note that the packet includes the entire TCP packet including its headers.


IP packet id. Aids in reassembling fragmented packets


Flags that control packet fragmentation. These flags control whether or not the IP packet is allowed to be delivered in more than one fragment, and whether or not this is the last fragment (if allowed).


If fragmented, the offset for the fragment


Time-to-live for the packet (in seconds)


Protocol of the encapsulated layer. In the example the encapsulated communication layer is Transmission Control Protocol (TCP)


Checksum for packet validation


Source IP address (host name lookup provided)


Destination IP address (host name lookup provided)

The information from the Transmission Protocol layer is displayed as in the following example:

The information from the Transmission Control Protocol (TCP) portion of the packet is summarized in the following table.


Sending port number



Destination port number



Sequence number of the packet



Sequence number of the packet to be acknowledged



Header length in 4 byte increments






Control flags
    URG:  Urgent Pointer field significant
      ACK:  Acknowledgment field significant
      PSH:  Push Function
      RST:  Reset the connection
      SYN:  Synchronize sequence numbers
      FIN:  No more data from sender


The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.


Checksum for packet validation



This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment.  The urgent pointer points to the sequence number of the octet following the urgent data.  This field is only be interpreted in segments with the URG control bit set.

The Raw Bytes section is the actual data portion of the given packet. This is the raw data of the HTTP message. This display contains the HEX values for the contents.