How do I monitor all incoming http requests?

Question

I need to monitor my application from incoming http POST and GET requests originating from outside and sometimes inside the machine.

Is th

Answer 1

Microsoft Message Analyzer is the successor of the Microsoft Network Monitor 3.4

If your http incoming traffic is going to your web server at 58000 port, start the Analyzer in Administrator mode and click new session:

use filter: tcp.Port = 58000 and HTTP

trace scenario: "Local Network Interfaces (Win 8 and earlier)" or "Local Network Interfaces (Win 8.1 and later)" depends on your OS

Parsing Level: Full

Answer 2

Guys found the perfect way to monitor ALL traffic that is flowing locally between requests from my machine to my machine:

1. Install Wireshark

2. When you need to capture traffic that is flowing from a localhost to a localhost then you will struggle to use wireshark as this only monitors incoming traffic on the network card. The way to do this is to add a route to windows that will force all traffic through a gateway and this be captured on the network interface.

   To do this, add a route with <ip address> <gateway>:

    cmd> route add 192.168.20.30 192.168.20.1
   

3. Then run a capture on wireshark (make sure you select the interface that has bytes flowing through it) Then filter.

The newly added routes will come up in black. (as they are local addresses)

Answer 3

Use TcpView to see ports listening and connections. This will not give you the requests though.

In order to see requests, you need reverse of a proxy which I do not know of any such tools.

Use tracing to give you parts of the requests (first 1KB of the request).

Answer 4

You can also try the HTTP Debugger, it has the built-in ability to display incoming HTTP requests and does not require any changes to the system configuration.

Answer 5

I would install Microsoft Network Monitor, configure the tool so it would only see HTTP packets (filter the port) and start capturing packets.

You could download it here

Answer 6

What you need to do is configure Fiddler to work as a "reverse proxy"

There are instructions on 2 different ways you can do this on Fiddler's website. Here is a copy of the steps:

---

Step #0

Before either of the following options will work, you must enable other computers to connect to Fiddler. To do so, click Tools > Fiddler Options > Connections and tick the "Allow remote computers to connect" checkbox. Then close Fiddler.

Option #1: Configure Fiddler as a Reverse-Proxy

Fiddler can be configured so that any traffic sent to http://127.0.0.1:8888 is automatically sent to a different port on the same machine. To set this configuration:

1. Start REGEDIT
2. Create a new DWORD named ReverseProxyForPort inside HKCU\SOFTWARE\Microsoft\Fiddler2.
3. Set the DWORD to the local port you'd like to re-route inbound traffic to (generally port 80 for a standard HTTP server)
4. Restart Fiddler
5. Navigate your browser to http://127.0.0.1:8888

Option #2: Write a FiddlerScript rule

Alternatively, you can write a rule that does the same thing.

Say you're running a website on port 80 of a machine named WEBSERVER. You're connecting to the website using Internet Explorer Mobile Edition on a Windows SmartPhone device for which you cannot configure the web proxy. You want to capture the traffic from the phone and the server's response.

1. Start Fiddler on the WEBSERVER machine, running on the default port of 8888.
2. Click Tools | Fiddler Options, and ensure the "Allow remote clients to connect" checkbox is checked. Restart if needed.
3. Choose Rules | Customize Rules.
4. Inside the OnBeforeRequest handler, add a new line of code:
   if (oSession.host.toLowerCase() == "webserver:8888") oSession.host = "webserver:80";
5. On the SmartPhone, navigate to http://webserver:8888

Requests from the SmartPhone will appear in Fiddler. The requests are forwarded from port 8888 to port 80 where the webserver is running. The responses are sent back through Fiddler to the SmartPhone, which has no idea that the content originally came from port 80.