Mapping HTTP requests to HTTP responses

Derek Litz picture Derek Litz · Jan 29, 2010 · Viewed 13.3k times · Source

If I make multiple HTTP Get Requests to the same server and get HTTP 200 OK responses to each one how do I tell which request maps to which response using Wireshark?

Currently it looks like an http request is made, and the next HTTP 200 OK response is quickly received so everything is in a the proper sequence. I have seen things to the contrary however. For example using the Google Maps API v2 I've made several requests for location information and then the information is received in an arbitrary order (closely resembling the order in which I requested it, but not necessarily perfect.)

So my intuition is I cannot assume that my responses will be received in a specific order, even though they may be in order most of the time. So I'm wondering how I can determine this order from the response.

Update: Clarification as to what I need. I just need to know that the server has received the request. It seems like I need to do this by looking at sequence numbers and perhaps even ACKS. The reasoning behind this approach is I'm basically observing a web app and checking it is sending the information and the information is being received.

Update: This has nothing to do with wireshark specifically. I believe it is confusing people so I removing it from the title. It has to do with the HTTP protocol on top of the TCP/IP protocol and how we map responses to requests.

Thanks.

Answer

filippo picture filippo · Jan 29, 2010

After you have stopped capturing packets follow this steps:

  1. position the cursor on a GET request

  2. Open the Analyze menu

  3. click "Follow TCP Stream"

You get a new window with requests and responses in sequence.