Wireshark mailing list archives

Re: filter for ONLY initial get request


From: Sake Blok <sake () euronet nl>
Date: Thu, 12 Aug 2010 12:06:00 +0200

On 12 aug 2010, at 11:32, Thierry Emmanuel wrote:

The best I have come up with so far is to look only at requested objects of type "text/html" and then look at the 
referer instead of the host header (and the host header if the referer is empty). But also this is far from perfect. 
It leaves in false positives and might have some false negatives too. But you can give it a shot to see how it 
compares to what you already have...

I don't know how you want to use the referrer header. It is filled whether the object was requested by the browser 
to complete the display of the page or by the user by clicking on a link. The only case it isn't given by the browser 
is when the user explicitly types a URL in the address bar of his favorite browser.

The thought behind using the referer header is that it will filter out the objects that the user did not manually 
request. Give it some thought, a user types in a URL in the browser, the referer is empty so we need to count this 
request. The page contains several objects. They are requested with the requested page as the referer. It is safe to 
count these as this is what the user requested. Even though the requested objects are for advertisements (which the OP 
wants to skip). As long as the user clicks on links that link to pages on the same site, we are fine.

Then the user clicks on a link to another site. OK the referer still points to the original site (so we have a miscount 
of 1), but assuming the user clicks on at least one link within the new site, the new site still gets listed, only 
with one less count.

Next to that I followed your handy tip to not count every object, but only count objects of type html by filtering on 
the Accept: header.

Cheers,


Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
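
The counting heuristic discussed in the message above, as an added example that is not part of the original thread: keep only requests whose Accept header asks for text/html, and attribute each to the Referer's host, falling back to the Host header when the Referer is empty. The function names and the sample header triples are constructed for illustration; real input is assumed to be the Host, Referer and Accept values of each HTTP request in a capture.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: (Host, Referer, Accept) for each HTTP request, in order.
SAMPLE = [
    ("news.example", "", "text/html,application/xhtml+xml"),          # URL typed by user
    ("news.example", "http://news.example/", "image/png,*/*;q=0.5"),  # embedded image
    ("ads.example", "http://news.example/", "text/html,*/*;q=0.8"),   # ad frame on the page
    ("news.example", "http://news.example/", "text/html,*/*;q=0.8"),  # link within the site
    ("blog.example", "http://news.example/story", "text/html,*/*"),   # link to another site
    ("blog.example", "http://blog.example/", "text/css,*/*;q=0.1"),   # stylesheet
    ("blog.example", "http://blog.example/", "text/html,*/*;q=0.8"),  # link within new site
]


def wants_html(accept):
    """True when the Accept header lists text/html explicitly."""
    types = (part.split(";")[0].strip().lower() for part in accept.split(","))
    return "text/html" in types


def attributed_site(host, referer):
    """Host of the Referer if present, otherwise the Host header (port stripped)."""
    if referer:
        ref_host = urlsplit(referer).hostname
        if ref_host:
            return ref_host
    return urlsplit("//" + host).hostname or ""


def count_sites(requests):
    """Count HTML requests per attributed site."""
    counts = Counter()
    for host, referer, accept in requests:
        if wants_html(accept):
            counts[attributed_site(host, referer)] += 1
    return counts


if __name__ == "__main__":
    for site, n in count_sites(SAMPLE).most_common():
        print(site, n)
```

On the sample, the ad host never appears in the result because its request is attributed to the referring page, and blog.example is counted once for two page loads, which is the miscount of 1 described in the message.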

