Windows 10 - Not capturing HTTP traffic

Dears,

I have successfully installed packetbeat-5.4.0 and pointed it to Elasticsearch. I kept the default configs as they are. However, I'm getting "INFO No non-zero metrics in the last 30s" in the log. My intention is to get detailed data for request, response from IIS. I'm using Windows 10.

.\packetbeat.exe -devices

0: \Device\NPF_{1BD2422B-42C7-4784-98AA-79A5E8331995} (Microsoft) (fe80::605a:ec2a:d949:6722 192.168.0.162)
1: \Device\NPF_{E444EFCA-F2AF-44BE-8E82-2F98CA25A097} (Intel(R) Ethernet Connection I219-LM) (fe80::b47e:2b92:2901:f158 192.168.2.93)
2: \Device\NPF_{9416A212-8190-45CE-8C7B-DDF589A50ABE} (Microsoft) (fe80::848d:618:238b:dc50 fe80::848d:618:238b:dc50)

I have configured it to device 0. I have no clue why it's not sending data. Please help me.

Thanks a lot.

Is the traffic HTTP? Or is it HTTPS?

What interface does the HTTP traffic pass through? Does incoming traffic arrive at the 192.168.0.162 address or the 192.168.2.93 address (or maybe it is IPv6 traffic on device 3)?

Hi Andrew,

Thanks for the response.

It's for HTTP. My incoming traffic arrives at 192.168.2.93. I have changed the interface to 1 and I can see logs for DNS and other information. However, no logs appeared from my application running under port 80, which I'm expecting. Sample log as below:

2017-06-21T15:38:04+08:00 INFO Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=49 libbeat.es.publish.read_bytes=239086 libbeat.es.publish.write_bytes=832418 libbeat.es.published_and_acked_events=1421 libbeat.publisher.messages_in_worker_queues=53 libbeat.publisher.published_events=1421

Please advise.

To add to the above...
I'm trying on my localhost. I Googled and installed npcap. After I installed npcap, I can see devices like this... Irrespective of changing interfaces.device to 1 or 2, I am unable to see my app logs.

Highly appreciate your prompt response. Thanks.
