How to capture traffic using Fiddler and Wireshark

Capture traffic using Fiddler and Wireshark

This article is about to traffic capturing and analysis. If you are interested about networking and network security then Fiddler and Wireshark are the tools that you must know about. These tools are also useful for developer too, who want to actually analyse the HTTP request like  get/ post etc. There are others tools that will do the same for you but I personally like these two as both are free tools.

Which one to use ?

Fiddler and Wireshark both do the same work view, analyse and capturing the traffic over the network. But there are some pros and cons in both the tools.Below I am going to mention points that helps you to differentiate both Wireshark and Fiddler so that you can choose as per your requirement.

  1. Wireshark provides a comprehensive capture and is more informative than Fiddler.
  2. Wireshark is a preferred tool to use when troubleshooting Sharepoint connectivity issues.
  3. You can capture your network at more microscopic level using Wireshark than Fiddler.
  4. Wireshark cannot sniff traffic within the same machine (localhost) on Windows. If you need to sniff local traffic on Windows you have to use Fiddler.
  5. Fiddler has a functionality to capture traffic using its decrypt HTTPS functionality.

How to use these tools?

Wireshark

  1. Download and Install Wireshark.
  2. Open Wireshark
  3. You can find Capture Section as mentioned in below screenshot.Wireshark Interface
  4. Select the network. In my case it is Wifi may be in your it may be Ethernet or something else. Click on the Start button to start capturing traffic via this interface.
  5. Visit the URL that you wanted to capture the traffic from.
  6. Go back to your Wireshark screen and there you can see the network traffics.
  7. By default Wireshark will capture all packets for you, for specific filter like in screenshot below I choose to only capture http request.Wireshark
  8. You can choose any request and analyse it at microscopic level on the below window.
  9.  Press Ctrl + E to stop capturing.
  10. After the traffic capture is stopped, please save the captured traffic into a *.pcap format file.

Note: If you are using HTTPS, please disable it in your test environment so Wireshark can be used.

Fiddler

  1. Download and Install Fiddler.
  2. Open it.
  3. Visit the URL that you wanted to capture the traffic from.
  4. Go back to your Fiddler screen and there you can see the network traffics.
  5. You can choose any request and intercept it on the right window as shown in screenshot below. Fiddler
  6. Click File > Save > All Sessions….
  7. This will save it in .saz format.

Note: Fiddler can capture local traffic by using the machine’s name as the host name rather than ‘localhost’.

Hope this will be helpful for you .. 

Leave a Reply

Your email address will not be published. Required fields are marked *