Wireshark - How do I filter just traffic from visual studio?

Asked 20/3, 2012 at 16:41 Answered 10/9, 2015 at 20:26

I am trying to use wireshark to discover why visual studio is not downloading debug symbols.

1) How do I determine which of the addresses that I see in the wireshark capture is that of visual studio?

2) How do I filter so I just see traffic froma and to Visual Studio in the capture pane?

My related question on trying to discover why visual studio is not downloading debug symbols is here - Debug Symbols not loading

Gherardi answered 20/3, 2012 at 16:41 Comment(0)

Process Monitor is a nice lightweight tool for seeing which sockets a process is using. You can filter the PID or the .exe name (e.g. devenv.exe)

If you run Wireshark at the same time you can then filter on the right sockets to do your performance analysis.

enter image description here

Gondi answered 23/3, 2012 at 0:32 Comment(0)

You can set a capture filter to only display traffic from a specific tcp port, which you can point to the port where your IIS is running. This choice is under the capture->options menu in Wireshark. Once you are only capturing traffic from a single port, it is alot easier to tell who is sending/receiving each packet.

enter image description here

Slat answered 20/3, 2012 at 16:54 Comment(5)

Thanks for the advice. I have tried this but I am not seeing any traffic on port 3389. How do I find out which port IIS is running under? Also do I really need to be filtering for the IIS port. I am only trying to see if there is any traffic from visual studio trying to download symbols (not any application that I am developing) does the traffic of visual studio itself go via IIS? – Gherardi 20/3, 2012 at 18:52

Sorry, I thought the question was more about how to filter tcp traffic using wireshark. Are you trying to do remote debugging from Visual Studio? or are you trying to run on your local machine and can't debug. – Slat 20/3, 2012 at 19:0

The question is about capturing traffic with wireshark. I am trying to configure visual studio to download debug symbols so I can step into the .net source code. Visual Studio itself should be downloading the debug symbols but for some reason it isn't working. So I would like to use wireshark to view the traffic between visual studio and the mircosoft symbol servers. I know very little about networking and wireshark but I would expect visual studio would comunitcate directly with the symbol servers. Does it not? How do I filter to see just this traffic? thanks – Gherardi 20/3, 2012 at 19:27

Wireshark is probably overkill for what you are doing, it is much better suited to running traces on the server. You may be able to get a better idea of the network traffic being sent from your local machine using a program like Fiddler, fiddler2.com/fiddler2 which is much more user friendly. Unfortunately, I can't help much with the other part of figuring out why the symbols aren't being downloaded :( – Slat 20/3, 2012 at 19:36

Thanks, I have tried fiddler. I don't see any relevant traffic in fiddler. Another person has informed me that fiddler is just a proxy that deals with http and so may not capture the symbol load requests. – Gherardi 20/3, 2012 at 22:15

Microsoft Message Filter seems to be a much more informative tool than Process Monitor, it can filter the capture by processID as well, while offering functionality close to that of Wireshark. It's not that lightweight as Process Monitor though (installer is ~60 Mb) and is proprietary (yet free).

Tough answered 10/9, 2015 at 20:26 Comment(0)

Recommended topics

Hot tags