realitylmka.blogg.se

Open tcpdump in wireshark

It's a live capture from a Chrome session being streamed to my downloads folder.

So I have a pcap file that is being constantly filled with data.

On linux, I can capture a pcap file on another host with tcpdump and pipe it back to wireshark on the local machine for a live capture experience:

    ssh host sudo tcpdump -iany -U -s0 -w - 'not port 22' | wireshark-gtk -k -i -

I can also start from a windows machine to a linux machine that has tcpdump installed:

    plink.exe -ssh -pw password "tcpdump -ni any -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Both work fine, as long as I have access to a shell and tcpdump. The target machine (AVM Fritzbox) does not have ssh or telnet (not anymore).

You can't get it from the response that packet, because it's not delivered! HTTP supports an "If-Modified-Since" header; as the RFC says:

    The "If-Modified-Since" header field makes a GET or HEAD request method conditional on the selected representation's modification date being more recent than the date provided in the field-value. Transfer of the selected representation's data is avoided if that

As you can see, the reply, in the next packet, has a reply of "304 Not Modified", meaning that the page in question hasn't changed since the time specified in the If-Modified-Since header, so any copy the machine already fetched at that time is Good Enough.

If you want the content of the page to show up in a network trace, you would have to convince your browser to discard any copy it's saved, so that it doesn't use If-Modified-Since; I don't know how that's done with Firefox (I assume, from the headers, that you're using Firefox), but repeatedly trying to fetch the page might be treated as a "discard the cached copy" indication, and there might also be ways in the Firefox UI to discard cached copies of pages.

This is probably less a wireshark question and more a "how do I pipe a file into an application" on windows.














