Mapping HTTP requests to HTTP responses

Question

If I make multiple HTTP Get Requests to the same server and get HTTP 200 OK responses to each one how do I tell which request maps to which response using Wireshark?

Cur

Answer 1

While I was googling for a complete different question, I saw this one and I think I can provide a more complete answer :

HTTP dictates that responses must arrive in the order they were requested, Therefore, if you are looking at a single TCP connection at a given time you should be seeing :

Request ; Response ; Request ; Response ...

Also in HTTP/1.1, there is support for "Pipeline" where the client doesn't have to wait for responses to arrive in order to issue the next request. What could be observed in such cases is :

Request ; Response ; Request ; Request ; Response ; Response ; Request ; Response

In the HTTP response itself, there is no reference to the specific request that triggered it.

Filipo's suggestion is classic when debugging / observing a single TCP connection, but, when observing multiple TCP connections, you can't click the follow TCP Stream because you'd have to do it for each connection.

If you have many TCP connections, and many requests/responses you will have to look at TCP Source port in the request packet, and the TCP dest port in the response packet to know which response is related to each tcp connection, and then apply the HTTP request/response order rules.

Also, Wireshark CAN decompress the response body, and it will do it automatically if all the response body has arrived, but it will do so NOT in the Follow TCP Stream.

I always use Wireshark to debug HTTP.