Filtering HTTP Traffic to and from Specific IP Address in Wireshark

Now you’ll see all the packets related to your browsing of any HTTP sites you browsed while capturing.
To display all the HTTP traffic you need to use the following protocol and port display filter: tcp.dstport == 80

You’re missing the setup handshakes and termination TCP packets. The unfortunate thing is that this filter isn’t showing the whole picture. You’ll notice that all the packets in the list show HTTP for the protocol.

To display packets using the HTTP protocol you can enter the following filter in the Display Filter Toolbar: http is a good one because they have a very large site that loads a lot of information and (at the time of writing this) they have not switched to HTTPS, sadly. To start this analysis, start your Wireshark capture and browse some HTTP sites (not HTTPS).

Many people think the http filter is enough, but you end up missing the handshake and termination packets.

It usually means that Wireshark got a packet on port 80 that it could not decode as HTTP.

Filtering HTTP traffic in Wireshark is a fairly trivial task but it does require the use of a few different filters to get the whole picture.

The second item isn't necessarily an error. The Wireshark website has some good tutorials on how to use Wireshark to troubleshoot problems. If you are getting excessive retransmissions it will slow down your downloads and you will probably need to troubleshoot. But retransmissions happen occasionally, so unless they are excessive I don't worry about this. Of course, if both ends are on your local network, then it could indicate a local problem. The packets could be dropped anywhere on the path between your client and the server, so it might not have anything to do with your wireless LAN or router.

When looking at Wireshark traces you are likely to see other anomalies such as "TCP Previous segment lost", "TCP Dup Ack", "Out of Order", etc. I usually don't worry about them unless I get a lot.
Lost packets can be due to a number of reasons including errors on the line, congestion in the network or excessive delay (an ACK is delayed longer than the retransmission timeout). TCP Retransmission means that TCP detected that a packet was lost somewhere in the network and it is retransmitting the lost packet. There are two independent parts to this message: Without seeing more of the protocol trace it is hard to tell what is happening exactly.
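As an added illustration (not code from the original page), the following sketch shows why the http filter hides the handshake and termination packets while a port filter does not. The conversation bytes are constructed, the helper names are hypothetical, and `matches_http` is a simplified stand-in for Wireshark's HTTP dissector, not its real logic.

```python
import struct

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10   # TCP flag bits

def tcp_segment(sport, dport, flags, payload=b""):
    """Build a 20-byte TCP header (no options) plus payload; constructed data."""
    off_flags = (5 << 12) | flags             # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, off_flags, 65535, 0, 0) + payload

def parse(segment):
    """Return (sport, dport, flags, payload) from raw TCP bytes."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, off_flags & 0x3F, segment[(off_flags >> 12) * 4:]

def matches_dstport_80(segment):
    """Models tcp.dstport == 80: destination port only."""
    return parse(segment)[1] == 80

def matches_port_80(segment):
    """Models tcp.port == 80: source or destination port."""
    sport, dport, _, _ = parse(segment)
    return 80 in (sport, dport)

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

def matches_http(segment):
    """Simplified stand-in for the http filter: payload starts like an HTTP message."""
    return parse(segment)[3].startswith(HTTP_STARTS)

# Constructed client (port 50000) to server (port 80) exchange.
CONVERSATION = [
    tcp_segment(50000, 80, SYN),
    tcp_segment(80, 50000, SYN | ACK),
    tcp_segment(50000, 80, ACK),
    tcp_segment(50000, 80, PSH | ACK, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    tcp_segment(80, 50000, PSH | ACK, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    tcp_segment(50000, 80, FIN | ACK),
    tcp_segment(80, 50000, FIN | ACK),
    tcp_segment(50000, 80, ACK),
]

def control_segments_missed(segments, predicate):
    """Flags of payload-less segments (handshake, ACKs, teardown) a filter hides."""
    return [parse(s)[2] for s in segments if not parse(s)[3] and not predicate(s)]

if __name__ == "__main__":
    for name, pred in (("http", matches_http), ("tcp.dstport == 80", matches_dstport_80),
                       ("tcp.port == 80", matches_port_80)):
        shown = sum(pred(s) for s in CONVERSATION)
        print(f"{name}: shows {shown}/8, hides control flags "
              f"{control_segments_missed(CONVERSATION, pred)}")
```

On this sample the http stand-in shows only the request and response, tcp.dstport == 80 shows the client-to-server direction, and tcp.port == 80 shows both directions.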