This article is a quick and easy HowTo detailing the use of Wireshark or another network sniffing program to debug your Apache .htaccess or httpd.conf files.
First some shell based tools.
wget -S --spider URL
lynx -head -dump URL
curl -I URL
HEAD URL
GET -de URL
w3m -dump_head URL
siege -g URL
Set Your Capture-filter to
tcp port 80
and then start capturing. Use any of the following display filters to view the data you want.
http
http.request.uri contains "flv" or http.request.uri contains "swf" or http.content_type contains "flash" or http.content_type contains "video"
http.cache_control != "private, x-gzip-ok="""or
(((((http.cache_control != "private, x-gzip-ok=""") && !(http.cache_control == "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private")) && !(http.cache_control == "max-age=0, no-store")) && !(http.cache_control == "private")) && !(http.cache_control == "no-cache")) && !(http.cache_control == "no-transform")
#404: page not found http.response.code == 404 #200: OK http.response.code == 200
http.request.method == "POST" || http.request.method == "PUT"
http.content_type[0:4] == "text"
http.content_type contains "javascript"
http.content_type[0:5] == "image"
http.content_type == "image/gif"
http.response !=0 || http.request.method != "TRACE"
When this preference is enabled, then the HTTP dissector will reassemble the HTTP header if it has been transmitted over more than one TCP segment. Although it is unusual for headers span multiple segments, it's not impossible, and this should be checked if you expect to view the contents of the HTTP conversation.
When this preference is enabled, then the HTTP dissector will reassemble the HTTP body if it has been transmitted over more than one TCP segment. All but the smallest of responses will span multiple segments, so this preference should be checked if you expect to view the contents of the HTTP conversation. See TCP Reassembly for an example on how to use this to extract JPEG images from a capture.
When this preference is enabled, any chunked transfer-coding response spanning multiple segments will be decoded and the payload (the body of the response) will be added to the protocol tree. This happens automatically for one segment responses.
Enable this preference if gzip or deflate encoded (compressed) HTTP entities should be decoded. This allows the visualisation of the compressed data, and possibly the dissection of it.