This is a migrated thread and some comments may be shown as answers.

Fiddler 5.0.20 cannot import pcap file from Wireshark

6 Answers 1362 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
Johan
Top achievements
Rank 1
Johan asked on 10 Aug 2019, 12:59 PM

Hi there long time Fiddler user first time poster

I have a capture which I done in wireshark some time ago it contains http traffic: http://dxing.si/STB/Amino/Project%20Amino%20hack/STB_Power_HTTP_Only.pcapng

 

when going to File->Import seassions->Packet capture and select this pcapng file it says it loaded it but 0 sessions were loaded and nothing shows up

 

if anyone has any idea why this file won't import please suggest how I can convert it to .saz file maybe so fiddler will like it

here is the picture that shows filddler cannot load any sessions: http://dxing.si/STB/fiddler.PNG

Thanks for Anwsering and Best Regards

6 Answers, 1 is accepted

Sort by
0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 19 Aug 2019, 10:02 PM
Hi Johan,

I recommend re-importing into WireShark and then exporting as the legacy .pcap format. Some Fiddler users have found success with this as shown in the Session Import for Packet Capture thread. 

Please give this a try and let me know the results. Thank you and I look forward to your reply.

Regards,

Eric R | Technical Support Engineer
Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Johan
Top achievements
Rank 1
answered on 26 Aug 2019, 12:35 PM

nope still the same

but if I try to save them as Modified tcpdump I get Unable to parse capture file; Magic bytes, yata, yata in hex

 

0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 27 Aug 2019, 02:27 PM

Hi Johan,

I tried the same and it didn't read the raw data. Additionally, I exported from WireSharek to NetMon v2 (.cap) and the issue appears to be that this traffic wasn't captured using ipv4 or ipv6. See the below for details.

In terms of RAW packets, Fiddler interprets the bytes of the request and response for only HTTP traffic in a Packet Capture import. In the case RAW HTTP traffic is found, Fiddler will parse the raw TCP/IP data and create new sessions.

Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Johan
Top achievements
Rank 1
answered on 27 Aug 2019, 11:01 PM

Thanks

hmm

but I can set display filter and see http traffic in wireshark, I just wanted to use fiddler as a nice display (I captured this data with a router: https://wiki.mikrotik.com/wiki/Ethereal/Wireshark

that mirrored a port an embedded device is connected to)

 

so is there still a way to import this data into fiddler so I can inspect http a bit easier?

0
Johan
Top achievements
Rank 1
answered on 27 Aug 2019, 11:02 PM

here: http://dxing.si/STB/Amino/Project%20Amino%20hack/STB_Power.pcapng

is an unfilter capture it has http in it and a bounch of other stuff too, maybe this could be imported with fiddler?

0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 30 Aug 2019, 01:02 PM

Hi Johan,

Thank you for providing the additional information. I would like to point out that this is an unusual scenario and I will try to answer as best as I can.

I tested the latest import file and below is the screenshot of the log output. It appears that the fragments are never reassembled. In this case, this would mean that the import wouldn't work because Fiddler can't create the new sessions.

Additionally, importing TCP traffic isn't supported since it is on a different network layer. Fiddler can only see the web application layer traffic for specific protocols like HTTP, HTTPS, FTP and WebSockets.

An option for capturing this specific traffic on the same layer for use in Fiddler might be to use Fiddler Core in the application on your embedded device.

I hope this helps. Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Technical Support Engineer
Progress Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
Fiddler Classic
Asked by
Johan
Top achievements
Rank 1
Answers by
Eric R | Senior Technical Support Engineer
Telerik team
Johan
Top achievements
Rank 1
Share this question
or