Capture all IIS traffic, on the Web server

7 posts, 1 answers
  1. Lee
    5 posts
    Member since:
    Aug 2013

    Posted 07 Aug 2015

    It sounds so simple.  I want to capture all IIS traffic--not just ASP.NET traffic--including "static" file traffic (images, CSS, etc.) without shoving the static files through the ASP.NET pipeline.  I want to do this on the Web server, entirely--no reverse proxy shoving the traffic across the network through a remote machine.

    (I've asked the Internet, and tried too many things.  None of them work.  When people say IIS, they mean ASP.NET.  I mean IIS.  When people want to capture, they are fine with reverse-proxy to another machine.  I am not.)

    I hope I'm missing something obvious.

    Thanks in advance.

  2. Eric Lawrence
    Admin
    833 posts

    Posted 07 Aug 2015

    Hi, Lee--

    Sorry, but it's not really clear what you're asking.

    If you want to capture all traffic from IIS, you have to configure ASP.NET and all of the other stacks (e.g. WinHTTP) to send their requests through Fiddler.

    If you want to capture all traffic to IIS, you have to run Fiddler in reverse proxy mode on port 80, having it forward all inbound requests to the port to which you've moved your IIS server (e.g. port 8080). 

    If this is a production server, of course, you first need to ensure that the load on the server is commensurate with the resources available to Fiddler to proxy that load.

    Regards,
    Eric Lawrence
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Lee
    5 posts
    Member since:
    Aug 2013

    Posted 07 Aug 2015 in reply to Eric Lawrence

    Thanks, Eric.

    I want to capture all IIS traffic (from and to) "on the server."  I don't know how to make that clearer.  :]

    It is a dev server.

    I hate to phrase it this way, but I want Fiddler to do what Wireshark "just does."  I realize Wireshark is not a proxy.  The proxy part of Fiddler can be a real challenge at times.  (I know you've commented on so many people saying "I followed the instructions, but it just doesn't work."  Today, that became me.)  If I want Fiddler to do (far better) what any browser's dev toolbar "just does," Fiddler is fairly easy to set up.  If I want Fiddler to "serve me" as a server-side developer, the proxy is a real hassle--due to Microsoft's choices, no fault of Fiddler's, but I still feel the pain.  I can't find a single document online that has working instructions (for my current setup), partly because there are so many variables, for the proxy to deal with.  Fiddler "version" (2 v. 4), OS version, IIS version, AppPool account, other AppPool settings (Load User Profile), directory permissions, bitness (32- or 64-), various file proxy settings (ignore local--understanding local, loopback, override, machinename, restarting services, lions, tigers, bears--oh my), etc.  I think a full flow-chart would look like a worse version of the old Florida voters' ballot joke (http://0.tqn.com/d/politicalhumor/1/S/L/_/florida_confusing_ballot.jpg).  Ugh.  Have I mentioned that Wireshark just works?  You know I love Fiddler.  I don't want Wireshark packets; I want Fiddler sessions.  Can I get a WinPcap Fiddler option?!  :]

    I'm now on Windows 8.1, with Hyper-V, which makes my machine's IP come from a virtual network, even though I'm the host OS.  Good grief.  I did this so easily in previous OS versions.  Now, nothing works.  I can't get my ASP.Net app to break when I set an invalid proxy address.  Again, not Fiddler's fault, but I'm only dealing with it because Fiddler is a proxy.

  4. Answer
    Eric Lawrence
    Admin
    833 posts

    Posted 07 Aug 2015

    If Wireshark truly "just works" (e.g. you're not using any secure traffic anywhere) then it's simple enough-- capture the traffic with Wireshark, save it to a PCAP, and import it to Fiddler using File > Import > Packet Capture.

    If you want Fiddler to capture traffic coming *in* to your IIS server and going *out* from your IIS server, then you need to run Fiddler in both reverse proxy mode and normal proxy mode. First, get Fiddler capturing the traffic coming out from your IIS server (by editing machine.config & setting the proxy settings for WinHTTP to 127.0.0.1:8888, etc). Then, move your IIS instance to a different port (8080) and configure Fiddler to listen on port 80 as well (e.g. type !listen 80 in QuickExec to set up a second listening endpoint). In FiddlerScript, you then need to forward requests received on port 80 to your IIS instance (8080).

    Regards,
    Eric Lawrence
    Telerik
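
The server-side steps from the answer above, as an added example that is not part of the original post and not Telerik's own script. It covers the WinHTTP proxy and the IIS port move only (not the machine.config edit or the FiddlerScript forwarding rule); the site name `Default Web Site` is an assumption, and the ports are the ones named in the answer.

```powershell
# Added example. Run from an elevated PowerShell prompt on the IIS machine.
Import-Module WebAdministration

$site    = 'Default Web Site'   # assumption: the site being debugged
$fiddler = '127.0.0.1:8888'     # Fiddler endpoint named in the answer
$iisPort = 8080                 # port IIS is moved to, per the answer

# 1. Outbound: route WinHTTP-based callers through Fiddler, then confirm.
netsh winhttp set proxy $fiddler
netsh winhttp show proxy

# 2. Inbound: free port 80 by moving the site's HTTP binding to 8080.
Set-WebBinding -Name $site -BindingInformation '*:80:' -PropertyName Port -Value $iisPort
Get-WebBinding -Name $site

# 3. After typing "!listen 80" in Fiddler's QuickExec box, check which
#    process owns each listener. IIS bindings are held by http.sys, so
#    8080 shows up under the System process; 80 and 8888 should be Fiddler.
Get-NetTCPConnection -State Listen -LocalPort 80, 8080, 8888 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# Revert when the capture session ends; a WinHTTP proxy left pointing at a
# closed Fiddler makes outbound WinHTTP requests fail.
# netsh winhttp reset proxy
# Set-WebBinding -Name $site -BindingInformation '*:8080:' -PropertyName Port -Value 80
```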
  5. Lee
    5 posts
    Member since:
    Aug 2013

    Posted 07 Aug 2015 in reply to Eric Lawrence

    Good stuff!  Thanks, Eric.  Much appreciated, as always.
  6. Lee
    5 posts
    Member since:
    Aug 2013

    Posted 07 Aug 2015 in reply to Lee

    Oh, wait, the proposed method of capturing outgoing traffic will only capture ASP.NET traffic.  Can I force IIS to use WinINet?!  Sheesh.  wish@microsoft.com
  7. Lee
    5 posts
    Member since:
    Aug 2013

    Posted 07 Aug 2015 in reply to Lee

    Bah.  Hasty replies.  Sorry.  You did say "& setting the proxy settings for WinHTTP to 127.0.0.1:8888"