I'm packet sniffing using jpcap, and I'm wondering how I can find out which request the response is for. The HTTP header fields don't even state the address of the server, and there are no IDs.

Do I need to check ports or something?

+1  A: 

The response will immediately follow the request on the same connection. A client cannot have multiple requests pending on the same connection; it has to wait for a response before sending a new command, or else it has to send the request on a new connection.

Remy Lebeau - TeamB
That's not true actually; there is a thing called 'request tunnelling'. However, it's certainly all on the same connection.
EJP
+2  A: 

It sounds like you're looking at captured IP packets without understanding how TCP connections work. The answer is that the HTTP headers don't include the address of the server, because they don't need to. The HTTP data is sent across a TCP connection, which manages the source and destination addresses for each packet.

A TCP connection is like a virtual "pipe" between the client and the server. Any data sent on a TCP connection either:

  • arrives at the other end in the same order it was sent, or
  • does not arrive at all

Even if the individual IP packets might be fragmented and arrive at the destination in a different order from what was sent, TCP will sort all that out and present the receiver with a consistent, guaranteed view of the same data the sender put into the pipe.

Greg Hewgill
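
An added example, not code from any of the answers: it groups captured TCP segments by connection (the pair of IP/port endpoints), rebuilds each direction's byte stream in sequence-number order, and matches the n-th response on a connection to the n-th request, which also covers several requests sent back-to-back on one connection. Assumptions: the packet tuples, addresses and ports are constructed sample data; message bodies are framed by Content-Length only (no chunked encoding); sequence numbers do not wrap.

```python
import re
from collections import defaultdict

def reassemble(segments):
    # One direction's byte stream in sequence order; retransmitted bytes are dropped.
    stream, nxt = b"", None
    for seq, data in sorted(segments):
        nxt = seq if nxt is None else nxt
        if seq <= nxt < seq + len(data):  # contiguous new bytes; a gap stops the stream
            stream += data[nxt - seq:]
            nxt = seq + len(data)
    return stream

def start_lines(stream):
    # Start line of each HTTP message; bodies are skipped via Content-Length only.
    found = []
    while b"\r\n\r\n" in stream:
        head, _, rest = stream.partition(b"\r\n\r\n")
        m = re.search(rb"(?im)^content-length:\s*(\d+)", head)
        found.append(head.split(b"\r\n")[0].decode("latin-1"))
        stream = rest[int(m.group(1)) if m else 0:]
    return found

def pair_http(packets):
    flows = defaultdict(lambda: defaultdict(list))
    for src, sport, dst, dport, seq, data in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))  # same key for both directions
        if data:  # ignore bare ACK/SYN/FIN segments
            flows[key][(src, sport)].append((seq, data))
    pairs = []
    for key, directions in flows.items():
        reqs, resps = [], []
        for segs in directions.values():
            msgs = start_lines(reassemble(segs))
            if msgs and msgs[0].startswith("HTTP/"):
                resps = msgs
            elif msgs:
                reqs = msgs
        pairs += [(key, q, r) for q, r in zip(reqs, resps)]  # n-th response answers n-th request
    return pairs

# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload)
C, S = "10.0.0.5", "192.0.2.10"
REQ = b"GET /%s HTTP/1.1\r\nHost: example.test\r\n\r\n"
RESP = b"HTTP/1.1 %s\r\nContent-Length: 2\r\n\r\nok"
PACKETS = [(C, 50002, S, 80, 100, REQ % b"c"),
           (C, 50001, S, 80, 100 + len(REQ % b"a"), REQ % b"b"),  # captured before /a
           (C, 50001, S, 80, 100, REQ % b"a"),
           (S, 80, C, 50002, 900, RESP % b"302 Found"),
           (S, 80, C, 50001, 900, RESP % b"200 OK" + RESP % b"404 Not Found")]
```
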
A: 

HTTP is an application/presentation layer protocol. Don't think that if you check the HTTP headers you'll find the address of the server. You need to look at the IP packets by stripping off the HTTP headers.

bala singareddy
A: 

If you're using Wireshark, just 'follow' the connection.

EJP