Fiddler 5.0.20 cannot import pcap file from Wireshark

7 posts, 0 answers
  1. Johan
    Johan avatar
    4 posts
    Member since:
    Aug 2019

    Posted 10 Aug Link to this post

    Hi there long time Fiddler user first time poster

    I have a capture which I done in wireshark some time ago it contains http traffic: http://dxing.si/STB/Amino/Project%20Amino%20hack/STB_Power_HTTP_Only.pcapng

     

    when going to File->Import seassions->Packet capture and select this pcapng file it says it loaded it but 0 sessions were loaded and nothing shows up

     

    if anyone has any idea why this file won't import please suggest how I can convert it to .saz file maybe so fiddler will like it

    here is the picture that shows filddler cannot load any sessions: http://dxing.si/STB/fiddler.PNG

    Thanks for Anwsering and Best Regards

  2. Eric R | Technical Support Engineer
    Admin
    Eric R | Technical Support Engineer avatar
    230 posts

    Posted 19 Aug Link to this post

    Hi Johan,

    I recommend re-importing into WireShark and then exporting as the legacy .pcap format. Some Fiddler users have found success with this as shown in the Session Import for Packet Capture thread. 

    Please give this a try and let me know the results. Thank you and I look forward to your reply.

    Regards,

    Eric R | Technical Support Engineer
    Progress Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Johan
    Johan avatar
    4 posts
    Member since:
    Aug 2019

    Posted 26 Aug in reply to Eric R | Technical Support Engineer Link to this post

    nope still the same

    but if I try to save them as Modified tcpdump I get Unable to parse capture file; Magic bytes, yata, yata in hex

     

  4. Eric R | Technical Support Engineer
    Admin
    Eric R | Technical Support Engineer avatar
    230 posts

    Posted 27 Aug Link to this post

    Hi Johan,

    I tried the same and it didn't read the raw data. Additionally, I exported from WireSharek to NetMon v2 (.cap) and the issue appears to be that this traffic wasn't captured using ipv4 or ipv6. See the below for details.

    In terms of RAW packets, Fiddler interprets the bytes of the request and response for only HTTP traffic in a Packet Capture import. In the case RAW HTTP traffic is found, Fiddler will parse the raw TCP/IP data and create new sessions.

    Please let me know if you need any additional information. Thank you.

    Regards,


    Eric R | Technical Support Engineer
    Progress Telerik

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Johan
    Johan avatar
    4 posts
    Member since:
    Aug 2019

    Posted 27 Aug in reply to Eric R | Technical Support Engineer Link to this post

    Thanks

    hmm

    but I can set display filter and see http traffic in wireshark, I just wanted to use fiddler as a nice display (I captured this data with a router: https://wiki.mikrotik.com/wiki/Ethereal/Wireshark

    that mirrored a port an embedded device is connected to)

     

    so is there still a way to import this data into fiddler so I can inspect http a bit easier?

  6. Johan
    Johan avatar
    4 posts
    Member since:
    Aug 2019

    Posted 27 Aug in reply to Johan Link to this post

    here: http://dxing.si/STB/Amino/Project%20Amino%20hack/STB_Power.pcapng

    is an unfilter capture it has http in it and a bounch of other stuff too, maybe this could be imported with fiddler?

  7. Eric R | Technical Support Engineer
    Admin
    Eric R | Technical Support Engineer avatar
    230 posts

    Posted 30 Aug Link to this post

    Hi Johan,

    Thank you for providing the additional information. I would like to point out that this is an unusual scenario and I will try to answer as best as I can.

    I tested the latest import file and below is the screenshot of the log output. It appears that the fragments are never reassembled. In this case, this would mean that the import wouldn't work because Fiddler can't create the new sessions.

    Additionally, importing TCP traffic isn't supported since it is on a different network layer. Fiddler can only see the web application layer traffic for specific protocols like HTTP, HTTPS, FTP and WebSockets.

    An option for capturing this specific traffic on the same layer for use in Fiddler might be to use Fiddler Core in the application on your embedded device.

    I hope this helps. Please let me know if you need any additional information. Thank you.

    Regards,


    Eric R | Technical Support Engineer
    Progress Telerik

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Back to Top