Analyzing TCP Segments for HTTP Response in Wireshark

wireshark

After visiting a simple webpage at my browser, how can I check how many data containing TCP segments carried the HTTP response and the text file, in Wireshark?

When I check the Packet List window I find x TCP segments, but if I check the Packet Details window for the "HTTP 200 OK" response it says that there were x+1 Reassembled TCP segments. This extra TCP segment is the "HTTP 200 OK" response. Do we have to count this packet as well?

Best Answer

When I check the Packet List window I find x TCP segments

Do you mean "I find x rows that say "[TCP segment of reassembled PDU]"?

but if I check the Packet Details window for the "HTTP 200 OK" response it says that there were x+1 Reassembled TCP segments. This extra TCP segment is the "HTTP 200 OK" response. Do we have to count this packet as well?

If you mean "do I have to count more than the segments whose Info column just says "[TCP segment of reassembled PDU]", the answer is "yes" - when the last segment is seen, the HTTP request or response is dissected, and information about that request or response is put into the Info column.

Don't assume the only segments in a request or response are the ones labeled as "[TCP segment of reassembled PDU]".

Best Answer

Related Solutions

Wireshark – SSDP Protocol for HTTP Request Instead of TCP

How to Use Wireshark HTTP Filter

Related Topic