Working with HTTP Packets

Document created by Chris Sommerstad Employee on Jul 19, 2017
Version 1

To work with an HTTP packet, locate and open the packet-level recording in Central > HTTP Message Recordings.

When the Show/Hide Packets icon is visible it functions as a toggle. Click it to turn packet display on or off.

When packets are shown, the packets that correspond to the highlighted message are highlighted in blue. Similarly, if you click a packet, the corresponding message is highlighted. Some packets do not correspond to any message, so clicking them does not highlight a message.

To view detailed information about a packet, click the icon for the packet. Detailed information about that packet appears in the lower right-hand portion of the recording screen.

Packet detail is presented as follows:

  1. Ethernet detail
  2. Internet Protocol (IP) detail
  3. Transmission Control Protocol (TCP) detail
  4. Packet content

Each packet consists of a set of headers for the various communication layers involved in the proper delivery of messages. Typically, the communication layers for HTTP consist of a network layer (Ethernet) and the TCP/IP layers. Within the protocol layers is the actual content of the packet, sometimes referred to as the payload.

The information from the Ethernet portion of the packet is summarized in the following table.

| Field | Description |
| --- | --- |
| dst | The network destination address |
| src | The network source address |
| proto | The encapsulated protocol (i.e. the next layer). In this case, Internet Protocol (IP) |
| crc | Checksum. In this case the checksum was not provided. |

The information from the Internet Protocol layer is displayed as in the following example:

The information from the Internet Protocol (IP) portion of the packet is summarized in the following table.

| Field | Description |
| --- | --- |
| ver | The version of Internet Protocol (IP) used. In this case, version 4 |
| hlen | The length of the IP header in 4-byte increments |
| tos | Flags used in IP routing |
| len | Total length of the IP packet. Note that the packet includes the entire TCP packet including its headers. |
| id | IP packet id. Aids in reassembling fragmented packets |
| flags | Flags that control packet fragmentation. These flags control whether or not the IP packet is allowed to be delivered in more than one fragment, and whether or not this is the last fragment (if allowed). |
| offset | If fragmented, the offset for the fragment |
| ttl | Time-to-live for the packet (in seconds) |
| protocol | Protocol of the encapsulated layer. In the example the encapsulated communication layer is Transmission Control Protocol (TCP) |
| checksum | Checksum for packet validation |
| saddr | Source IP address (host name lookup provided) |
| daddr | Destination IP address (host name lookup provided) |

The information from the Transmission Control Protocol (TCP) layer is displayed as in the following example:

The information from the Transmission Control Protocol (TCP) portion of the packet is summarized in the following table.

| Field | Description |
| --- | --- |
| sport | Sending port number |
| dport | Destination port number |
| seq | Sequence number of the packet |
| ack | Sequence number of the packet to be acknowledged |
| hlen | Header length in 4-byte increments |
| res | Reserved |
| code | Control flags. URG: Urgent Pointer field significant; ACK: Acknowledgment field significant; PSH: Push Function; RST: Reset the connection; SYN: Synchronize sequence numbers; FIN: No more data from sender |
| win | The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept. |
| crc | Checksum for packet validation |
| urg | This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is only interpreted in segments with the URG control bit set. |

The Raw Bytes section is the actual data portion of the given packet. This is the raw data of the HTTP message. This display contains the HEX values for the contents.
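
The field layout in the tables above can be checked against raw bytes. The following Python code is an added example, not part of the product or of the original document: it decodes one Ethernet II / IPv4 / TCP frame into the same field names and returns the payload. The frame built by `sample_frame` is constructed, and its addresses, ports and HTTP request are made-up sample values.

```python
import socket
import struct

FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0..5 of the TCP "code" field

def parse_frame(frame: bytes) -> dict:
    """Decode one Ethernet II / IPv4 / TCP frame into the fields named in the tables."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    dst, src, proto = struct.unpack("!6s6sH", frame[:14])
    eth = {"dst": dst.hex(":"), "src": src.hex(":"), "proto": proto}
    if proto != 0x0800:
        raise ValueError("encapsulated protocol is not IPv4")
    (vhl, tos, length, ident, frag, ttl, protocol,
     checksum, saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ip = {"ver": vhl >> 4, "hlen": vhl & 0x0F, "tos": tos, "len": length,
          "id": ident, "flags": frag >> 13, "offset": frag & 0x1FFF, "ttl": ttl,
          "protocol": protocol, "checksum": checksum,
          "saddr": socket.inet_ntoa(saddr), "daddr": socket.inet_ntoa(daddr)}
    if ip["ver"] != 4 or ip["hlen"] < 5 or protocol != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    # hlen counts 4-byte words; len bounds the IP packet, so trailing frame padding is dropped
    segment = frame[14 + ip["hlen"] * 4 : 14 + length]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, win, crc, urg = struct.unpack("!HHIIHHHH", segment[:20])
    tcp = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "hlen": off >> 12, "res": (off >> 6) & 0x3F,
           "code": [name for bit, name in enumerate(FLAGS) if off & (1 << bit)],
           "win": win, "crc": crc, "urg": urg}
    if tcp["hlen"] < 5:
        raise ValueError("invalid TCP header length")
    return {"eth": eth, "ip": ip, "tcp": tcp, "payload": segment[tcp["hlen"] * 4:]}

def sample_frame() -> bytes:
    """Constructed frame (not a capture): PSH+ACK segment carrying an HTTP request."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"),
                      bytes.fromhex("020000000001"), 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0)
    return eth + ip + tcp + http + b"\x00\x00"  # checksums left 0; two constructed trailer bytes

if __name__ == "__main__":
    parsed = parse_frame(sample_frame())
    print(parsed["eth"], parsed["ip"], parsed["tcp"], sep="\n")
    print(parsed["payload"].hex(" "))  # hex view of the payload bytes
```

Because the payload is cut at the IP `len` value rather than at the end of the frame, the two trailer bytes in the sample do not appear in the decoded HTTP content.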
