Logging network traffic without particular tools

Sometimes it is not possible or allowed to install certain third party tools on a client. In this case it is hard to analyze complex performance issues or test specific network behaviour. Especially if you have to monitor a longer period of time, it is necessary to persist the log data. How to record the network traffic without any additional programs?
Submitted by Christina Plössnig on Mon, 11/23/2015 - 23:24
2 answers

Fiddler Log Excel (csv) Export

Unfortunately Fiddler has no really useful built-in export options. But it is possible to extend the FiddlerScript to export the traffic data to Excel (csv).

  1. Open Rules
  2. Choose "Customize Rules..."

    3. see screenshot https://techscreen.tuwien.ac.at/sites/default/files/Fiddler-Rule-Edit.png

  3. Search for the following code:


    4. public static ToolsAction("Reset Script")
    function DoManualReload() {
    FiddlerObject.ReloadScript();
    }

  4. Insert following code after the lines above:


    5. public static ToolsAction("Copy Request Timings to Excel")
    function DoHighlightSlowRequests() {
    var oSessions = FiddlerApplication.UI.GetAllSessions();

    var s: String = "";
    s = s +
    "Id\t" +
    "URL\t" +
    "Is HTTPS\t" +
    "Response Code\t" +
    "Request Bytes\t" +
    "Response Bytes\t" +

    "ClientConnected\t" +
    "ClientBeginRequest\t" +
    "ClientDoneRequest\t" +

    "ServerConnected\t" +
    "FiddlerBeginRequest\t" +
    "ServerGotRequest\t" +
    "ServerBeginResponse\t" +
    "ServerDoneResponse\t" +
    "ClientBeginResponse\t" +
    "ClientDoneResponse\t" +

    "DNSTime\t" +
    "GatewayDeterminationTime\t" +
    "TCPConnectTime\t" +
    "HTTPSHandshakeTime\t" +

    "Request Transmission Time\t" +
    "Server Time Spent\t" +
    "Response Transmission Time\t" +
    "Transmission time (down + up)\t" +
    "Total Round Trip Time" +
    "\r\n";
    for (var x:int = 0; x < oSessions.Length; x++){
    var logEntryId = oSessions[x].id
    var session = oSessions[x]
    var timer = session.Timers
    // use tabs intead of CSV because
    // Excel and .NET have incompatible
    // expectations for unicode format

    var t = oSessions[x].Timers
    var transmissionTime =
    new TimeSpan(t.ServerGotRequest.Ticks -
    t.FiddlerBeginRequest.Ticks)
    var serverTimeSpent =
    new TimeSpan(t.ServerDoneResponse.Ticks -
    t.ServerGotRequest.Ticks)
    var responseTransmissionTime =
    new TimeSpan(t.ServerDoneResponse.Ticks -
    t.ServerBeginResponse.Ticks)
    var totalTransferTime =
    transmissionTime + responseTransmissionTime
    var roundTripTime =
    new TimeSpan(t.ClientDoneResponse.Ticks -
    t.ClientBeginRequest.Ticks)

    var transmissionTimeStr =
    transmissionTime.ToString().Contains("-") ? "" : transmissionTime + ""
    var serverTimeSpentStr =
    serverTimeSpent.ToString().Contains("-") ? "" : serverTimeSpent + ""
    var responseTransmissionTimeStr =
    responseTransmissionTime.ToString().Contains("-") ? "" : responseTransmissionTime + ""
    var totalTransferTimeStr =
    totalTransferTime.ToString().Contains("-") ? "" : totalTransferTime + ""
    var roundTripTimeStr =
    roundTripTime.ToString().Contains("-") ? "" : roundTripTime + ""

    s = s +
    logEntryId + "\t" +
    oSessions[x].url + "\t" +
    oSessions[x].isHTTPS + "\t" +
    oSessions[x].responseCode + "\t" +
    oSessions[x].requestBodyBytes.Length + "\t" +
    oSessions[x].responseBodyBytes.Length + "\t" +

    oSessions[x].Timers.ClientConnected.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ClientBeginRequest.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ClientDoneRequest.ToString("HH:mm:ss.fff") + "\t" +

    oSessions[x].Timers.ServerConnected.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.FiddlerBeginRequest.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ServerGotRequest.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ServerBeginResponse.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ServerDoneResponse.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ClientBeginResponse.ToString("HH:mm:ss.fff") + "\t" +
    oSessions[x].Timers.ClientDoneResponse.ToString("HH:mm:ss.fff") + "\t" +

    oSessions[x].Timers.DNSTime + "\t" +
    oSessions[x].Timers.GatewayDeterminationTime + "\t" +
    oSessions[x].Timers.TCPConnectTime + "\t" +
    oSessions[x].Timers.HTTPSHandshakeTime + "\t" +

    transmissionTimeStr + "\t" +
    serverTimeSpentStr + "\t" +
    responseTransmissionTimeStr + "\t" +
    totalTransferTimeStr + "\t" +
    roundTripTimeStr +
    "\r\n";
    }
    System.Windows.Forms.Clipboard.SetText(
    s.ToString(),
    TextDataFormat.Text);
    }

    Source:
    https://www.garysieling.com/blog/adding-export-excel-option-fiddler

  5. Save
  6. Open Tools
  7. Now click on the new menu "Copy Request Timings to Excel"

    8. see screenshot https://techscreen.tuwien.ac.at/sites/default/files/Fiddler-Export.png

    The Log will be copied to the clipboard as csv format.

  8. Open Excel and paste content from clipboard
Submitted by Christina Plössnig on Tue, 11/24/2015 - 00:14

Taggings:

Logging network traffic via the console

It is possible to log the network traffic with a simple console command, so it is not mandatory to install any additional software.

  1. Open console with admin rights
  2. Execute the following command to start the logging

    3. netsh trace start persistent=yes capture=yes tracefile=c:\temp\test.etl

    The folder /temp/ has to exist already.

  3. Execute the following command to stop the logging

    4. netsh trace stop

  4. Now you can analyze the logged data in the file test.etl

    5. To view the data you can for example use Microsoft Message Analyzer (http://www.microsoft.com/en-us/download/details.aspx?id=44226) including practical filter options.

Submitted by Christina Plössnig on Mon, 11/23/2015 - 23:41

Taggings: