Analyzing HTTP problems

The bottom line is, of course, how to analyze the HTTP problems. This is what this recipe is all about. HTTP problems can happen because of a slow server or client, TCP performance issues, and some other reasons that we will see in this recipe.

Getting ready

When you experience bad performance while browsing the Internet, connect the Wireshark with port mirror to the PC that experiences the problem, and when it is the whole network that suffers from bad performance, port mirror the connection to the Internet.

How to do it...

There can be various reasons for a slow browsing problem, and we'll try to figure it out step-by-step. The steps are given as follows:

  1. First, check that you don't simply have loaded line to the Internet, high error rate on the communications line, or any of these obvious issues that cause most of the problems (see Chapter 4, Using Basic Statistics Tools and Chapter 5, Using Advanced Statistics Tools for further details).
  2. To negate a TCP issue (as explained in detail in Chapter 9, UDP/TCP Analysis), check the following details:
    • In the Expert info window, you don't get too many retransmissions and duplicate ACKs (up to 0.5-0.8 percent is still tolerable).
    • Make sure that you don't get resets on the HTTP connections. It might be due to firewalls or site restrictions.
  3. Make sure that you don't get the following DNS problems:
    • Slow response time, as described earlier in this chapter
    • Names are not found, not correct, and so on
  4. If none of these apply, well, let's dig in to HTTP.

    Tip

    Don't forget to look at the network and IT environment as a whole. You cannot separate TCP from HTTP, or the DNS problems from the slow browsing of applications. It can be that you have a very slow HTTP server; and because of its slow responses, you will get TCP retransmissions. Or, because of the slow DNS server, you will get a web page that opens after many seconds. Just go step- by-step and isolate the problems.

When you open a web page for the first time, it can take a few seconds. In this case, you should check the following conditions:

  1. Check if the line is not loaded.
  2. Check the delay on the line (a ping to the website will do the job).
  3. Look for error codes. Usually you will see the reason for the error on the browser, but not always.
  4. Configure the filter http.response >= 400 and see how many errors you get. In the following sections, we see several examples of what you should pay attention to.

Informational codes

Code

Status

Explanation

What to do

100

Continue

Request completed successfully and the session can continue.

-

101

Switching protocols

The server is changing to a different HTTP version. It will be followed by an Upgrade header.

-

Success codes

Code

Status

Explanation

What to do

200

OK

Standard OK response.

-

201

Created

The request has been fulfilled and a new resource has been created.

-

202

Accepted

The request was accepted and is still in process.

-

203

Non-authoritative information

The request was received with content from another server, and it was understood.

-

204

No content

The request was received and understood, and the answer that is sent back has no content.

-

205

Reset content

This is a server request to the client to reset the data that was sent to it.

-

206

Partial content

Response for a partial document request.

-

Redirect codes

Code

Status

Explanation

What to do

300

Multiple choices

The requested address refers to more than one file. It can happen, for example, when the resource has been removed, and the response provides a list of potential locations for it.

-

301

Moved permanently

The requested resource has been moved permanently. Future requests should be forwarded to the attached URI.

-

302

Moved temporarily

(found)

Page has been moved temporarily, and the new URL is available. Usually, you will be automatically forwarded.

Usually, you will see a Found code, and then another GET to the URL indicated

303

See other

The response to the request can be found in a different URI. It should be retrieved using an HTTP GET to that resource.

-

304

Not modified

When a request header includes an if modified since parameter, this code will be returned if the file has not changed since that date.

-

305

Use proxy

The requested resource must be accessed through a proxy.

Check what proxy is required

Client errors

Code

Status

Explanation

What to do

400

Bad request

The request could not be understood by the server due to a syntax problem. The request should be modified by the client before resending to it.

Check the website address. This can also happen due to a site error.

401

Authorization required

The client is denied access due to the lack of authentication codes.

Check your username and password.

402

Payment required

Reserved for future use.

 

403

Forbidden

The client is not allowed to see a specific file. This can be due to the server access limit.

Check the credentials. Also, there are fewer chances that the server is loaded.

404

Not found

The requested resource could not be found.

This can be because the resource was deleted, or it never existed before. It can also be due to URL misspellings.

405

Method not allowed

The method you are using to access the file is not supported or not allowed by the resource.

 

406

Not acceptable

Content generated by the resource is not acceptable according to the client request.

Check/update your browser.

407

Proxy authentication required

Request authentication is required before it can be performed.

The client must first authenticate itself with the proxy.

408

Request timed out

It took the server longer than the allowed time to process the request.

Check response time and load on the network.

409

Conflict

The request submitted by the client cannot be completed because it conflicts with some established rules.

Can be because you try to upload a file that is older that the existing one or similar problems. Check what the client is trying to do.

410

Gone

The URL requested by the client is no longer available from that system.

Usually this is a server problem. It can be due to a file that was deleted or location was forwarded to a new location.

411

Content length required

The request is missing its Content-Length header.

Compatibility issue on a website. Change/update your browser.

412

Precondition failed

The client has not set up a configuration that is required for the file to be delivered.

Compatibility issue on a website. Change/update your browser.

413

Request entity too long

The requested file was too big to process.

Server limitation.

414

Request URI too long

The address you entered was overly long for the server.

Server limitation.

415

Unsupported media type

The file type of the request is not supported.

Server limitation.

A simple example for a client error is presented in the following screenshot. To get to this window, perform the following steps:

  1. Right-click on the packet with the error code.
  2. Choose Follow TCP stream. You will get the following window:
    Client errors
  3. You can see the following conditions:
    • I tried to browse the URI /poker-client/broadcast.htm (marked as 1 and 3 in the preceding screenshot)
    • The URI was forwarded by the referrer: http://www.888poker.com/poker-client/promotions.htm (marked as 2 in the preceding screenshot)
    • The status code was 404 Not Found (marked as 4 in the preceding screenshot)

Just to clarify things, I was not playing Poker, I was working on a networking problem.

Server errors

Code

Status

Explanation

What to do

500

Internal server error

The web server encountered an unexpected condition that prevented it from carrying out the client request for access to the requested URL.

Response that is usually caused by a problem in your Perl code when a CGI program is run.

501

Not implemented

The request cannot be executed by the server.

A server problem.

502

Bad gateway

The server you're trying to reach is sending back errors.

A server problem.

503

Service unavailable

The service or file that is being requested is not currently available.

A server problem.

504

Gateway timeout

The gateway has timed out. This message is like the 408 timeout error, but this one occurs at the gateway of the server.

Server is down or nonresponsive.

505

HTTP version not supported

The HTTP protocol version that you want to use for communicating with the server is not supported by it.

Server does not support the HTTP version.

You can get service unavailable (code 503) status due to various reasons. In the following example there is a small office that has the following complaint: they can browse Facebook, but the moment they click on a link on this site, they get the new page as blocked. In the following screenshot, you can see that the problem was simply a firewall that blocked it (obviously).

Server errors

How it works...

In standard HTTP browsing, you should see a very simple pattern as follows:

  1. TCP opens the connection (three-way handshake).
  2. HTTP sends a GET command.
  3. Data is downloaded to your browser.

Tip

In most cases, opening a web page will open multiple connections—in many cases, tens of them. For example, when you open a newspage (www.cnn.com, www.foxnews.com, www.bbc.co.uk), it opens the main page, news bars, commercials, temperature window, connections to other sites, and more. Don't be surprised if a single page will open nearly a hundred connections, or even more.

In case of a web page that opens multiple connections (as most web pages do), each connection requires a DNS query, response, TCP SYN-SYN/ACK-ACK, and HTTP GET; only then the data will start to appear on your screen.

There's more...

When you don't see anything in the packet details pane, right-click on a packet and choose Follow TCP stream. This will give you a detailed window, (as in the preceding screenshot) which provides you with a lot of data for the connection.

Another tool that is widely used for HTTP is Fiddler. It can be found at http://fiddler2.com/. Fiddler is a free tool that is planned for HTTP debugging. It is not in the scope of this book.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.226.82.78