To work with an HTTP packet, locate and open the packet-level recording in Central > HTTP Message Recordings.
When the Show/Hide Packets icon is visible it functions as a toggle. Click it to turn packet display on or off.
When packets are shown, the relationship between the highlighted message and the corresponding packets is shown. The packets that correspond are highlighted in blue. Similarly, if you click any given packet, the corresponding message will be highlighted. Some packets do not correspond to any message and thus will not cause a message to be highlighted.
To view detailed information about a packet, click the icon for the packet. Detailed information about that packet will appear in the lower right hand portion of the recording screen.
Packet detail is presented as follows:
- Ethernet detail
- Internet Protocol (IP) detail
- Transmission Control Protocol (TCP) detail
- Packet content
Each packet consists of a set of headers for the various communication layers involved in the proper delivery of messages. Typically, the communication layers for HTTP consist of a network layer (Ethernet) and the TCP/IP layers. Within the protocol layers is the actual content of the packet, sometimes referred to as the payload.
The information from the Ethernet portion of the packet is summarized in the following table.
The network destination address
The network source address
The encapsulated protocol (ie the next layer). In this case, Internet Protocol (IP)
Checksum. In this case the checksum was not provided.
The information from the Internet Protocol layer is displayed as in the following example:
The information from the Internet Protocol (IP) portion of the packet is summarized in the following table.
The version of Internet Protocol (IP) used. In this case, version 4
The length of the IP header in 4 byte increments
Flags used in IP routing
Total length of the IP packet. Note that the packet includes the entire TCP packet including its headers.
IP packet id. Aids in reassembling fragmented packets
Flags that control packet fragmentation. These flags control whether or not the IP packet is allowed to be delivered in more than one fragment, and whether or not this is the last fragment (if allowed).
If fragmented, the offset for the fragment
Time-to-live for the packet (in seconds)
Protocol of the encapsulated layer. In the example the encapsulated communication layer is Transmission Control Protocol (TCP)
Checksum for packet validation
Source IP address (host name lookup provided)
Destination IP address (host name lookup provided)
The information from the Transmission Protocol layer is displayed as in the following example:
The information from the Transmission Control Protocol (TCP) portion of the packet is summarized in the following table.
Sending port number
Destination port number
Sequence number of the packet
Sequence number of the packet to be acknowledged
Header length in 4 byte increments
The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.
Checksum for packet validation
This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is only be interpreted in segments with the URG control bit set.
The Raw Bytes section is the actual data portion of the given packet. This is the raw data of the HTTP message. This display contains the HEX values for the contents.