Getting started with Wireshark, the Fiddler for Ubuntu
Fiddler is a useful tool for tracking HTTP requests and responses. It’s similar to the Net tab in Firebug, except that it can be used to track all requests, not only browser-based ones.
For Ubuntu users, the recommended alternative is Wireshark. Wireshark is noted as being more powerful than Fiddler, but this post focuses on the features web developers most commonly use for tracking requests.
Installation
Wireshark is found in the Ubuntu repositories, so simply search for wireshark in Synaptic, or run: sudo apt-get install wireshark
Usage
Under Applications > Internet, you will notice there are two options: Wireshark and Wireshark (as root). Run the second one (as root), as this gives you more data to track.
After Wireshark has started, the process is straightforward:
- Choose which network interfaces to capture traffic from
- Start capturing
- Filter captured requests
1. Choosing which network interfaces to capture traffic from. From the menu, choose: Capture > Interfaces
This will bring up a list of network devices.
2. Since my work involves debugging work off my laptop (http://localhost etc), I only start device lo (127.0.0.1). This is useful as it immediately ignores all other traffic.
3. The one thing you will notice is that Wireshark logs both the TCP and HTTP requests. For the purpose of debugging AJAX, etc., we are only interested in the HTTP requests; the TCP requests are not required. These can be hidden by adding a filter.
In the field next to Filter:, enter http and click on Apply.
Wireshark will now show all HTTP traffic on 127.0.0.1. The last step is picking out the AJAX parts for debugging. Notice that for each request, there is a response. Unlike Fiddler, Wireshark does not combine the request and the response. So click on the response line, and then expand the Line-based text data row. This will show the text of the AJAX response.
Conclusion
Wireshark takes more steps than Fiddler, and Fiddler is a more focussed program than Wireshark. Wireshark also captures traffic without having to install a plugin into Firefox, etc., so it’s useful for debugging applications as well. The biggest improvement to make Wireshark truly replace Fiddler is to turn off truncation of the response text. Wish I knew how!






Kevin Bong
I think the reason that it seems like Wireshark is truncating your response text is that you are filtering by “http” – which means Wireshark will only show packets that have http request or response headers, and not the following packets with the remaining data. Two good options:
#1 – filter by “tcp.port == 80” instead to see all web packets
#2 (even better) Do what you did above, but instead of clicking on the response line and looking at the line based text data row you should right click on the packet and do “Follow TCP stream”. This will show all the session data.
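The reassembly that the comment above relies on when it recommends “Follow TCP stream”, as an added example (not part of the original post or comments, and not Wireshark's own code). It compares what one packet holds with what the reassembled stream holds. The response, sequence numbers and segment size are constructed sample data, and all function names are hypothetical.

```python
# Constructed sample: one HTTP response (server -> client) that is larger than
# a single TCP segment. All names and values here are illustrative.
BODY = b'{"items": [' + b", ".join(b'"row%d"' % i for i in range(40)) + b"]}"
HEAD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
        b"Content-Length: %d\r\n\r\n" % len(BODY))
WIRE = HEAD + BODY

def split_segments(data, isn, mss):
    """Cut a byte stream into (seq, payload) segments of at most mss bytes."""
    return [(isn + off, data[off:off + mss]) for off in range(0, len(data), mss)]

def reassemble(segments):
    """Order by sequence number, drop retransmitted bytes, stop at a gap."""
    stream, next_seq = b"", None
    for seq, payload in sorted(segments):
        if next_seq is None:
            next_seq = seq
        if seq > next_seq:  # a segment is missing from the capture
            break
        fresh = payload[next_seq - seq:]  # skip bytes already seen
        stream += fresh
        next_seq += len(fresh)
    return stream

def parse_response(stream):
    """Return (status_line, body, complete) for an HTTP response byte stream."""
    head, _, body = stream.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    want = int(headers.get("Content-Length", len(body)))
    return lines[0], body[:want], len(body) >= want

# Arrival order as captured: one segment out of order, one retransmitted.
SEGS = split_segments(WIRE, 1000, mss=120)  # 1000 = constructed initial seq
CAPTURED = [SEGS[0], SEGS[2], SEGS[1], SEGS[1]] + SEGS[3:]

def first_packet_view():
    """Only the packet that carries the response headers."""
    return parse_response(CAPTURED[0][1])

def stream_view():
    """The whole server-to-client stream, reassembled."""
    return parse_response(reassemble(CAPTURED))

if __name__ == "__main__":
    for name, view in (("first packet", first_packet_view), ("stream", stream_view)):
        status, body, complete = view()
        print(f"{name}: {status}, {len(body)} body bytes, complete={complete}")
```

The Content-Length header is what tells you the single-packet view is incomplete: compare it with the number of body bytes you can actually see.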
Al Kautsar
After I installed Wireshark, there is no Wireshark (as root). What is the problem there?