Search code examples
portwiresharkpacket-capturepacket-snifferspostman

How can I determine which packet in Wireshark corresponds to what I sent via Postman?

I'm trying to figure out why REST calls sent from my handheld device (Windows CE / Compact Framework) are not making it to my server app (regular, full-fledged .NET app running on my PC).

The handheld device and the PC are connected - I know that because I can see the handheld device in the PC's Windows Explorer, Windows Mobile Device Center verifies the connection between the two is valid, etc.

I reach the breakpoint on my server app running on my PC when I pass the same REST call via Postman, namely:

http://192.168.125.50:21609/api/inventory/sendXML/duckbill/platypus/poisontoe

...but not when calling the same from the handheld device.

So, I want to see in wireshark just what is being sent from postman, so I can see what to look for when attempting to call the same REST method from the handheld device.

I set up a filter in wireshark, namely "ip.dst == 192.168.125.50" and get a handful of results when calling the method via Postman, but nowhere do I see "port 21609" which I would expect to. If I saw this, I would know I was looking at the right packet, but...where is it? When I run Postman and make the call, there are four packets captured by Wireshark, and none of them give that as the port number in the "User Datagram Protocol" element.

If the port number is disregarded, how can I determine which packet is the one from Postman?

UPDATE

Yoel had a good idea; I added "Dest port (unresolved)" and "Sourceport" as columns to display.

I then started a new live capture in Wireshark and sent the URL / REST method from Postman.

The breakpoint in the server app was indeed hit. I F5'd through it, and stopped the Wireshark capture.

"21609" is not seen in the Dest Port column anywhere.

Why? How is the URL being sent, and yet Wireshark is not detecting the port to which it was directed?

Also, in the Protocol column in Wireshark, I see no "HTTP" entries.

Solution

  • To see the destination port in the packet list, you have to add a column by right clicking in a column header and selecting Column preferences.... Then click on the + sign, choose a column title, and put

    tcp.dstport

    as the Fields parameter.

    You can also directly use the display filter with the expression:

    tcp.dstport == 21609

    (tested with Wireshark 2.2.0)