Create a PCAP file
PCAP (packet capture) files consist of network packet data, created by capturing live network activity through capture tools such as Wireshark.
Uses for PCAP files
The generated .pcap file can be used for packet sniffing and analyzing network activity. VuGen can parse .pcap files and convert them to a Vuser script.
The primary uses for the .pcap file are:
- Web Services scripts. For details, see Create a script by analyzing traffic (Web Services).
- Mobile, Web - HTTP/HTML, SAP - Web, and Siebel - Web scripts. For details, see Create a Vuser script by analyzing a captured traffic file.
Create a capture file
This task describes how to create a .pcap capture file of network or application traffic to use in the preparation of a Vuser script.
Create a capture file containing a log of all TCP traffic over the network on a Windows platform. Use a downloadable capture tool such as Wireshark. Make sure to save the Wireshark capture file in the tcpdump format, as this is the format supported by VuGen.
Note: For supported Wireshark versions, see Supported Protocols.
We do not recommend using Wireshark versions 3.4.0-3.6.11 or 4.0.0-4.0.3. These versions contain a defect that may interfere with recording.
Create a capture file using tPacketCapture on Android devices, or a similar application.
- If tcpdump is not installed, install it using the Linux package installation command.
- To save captured traffic in a file, use tcpdump -w xxxx.pcap. For details about using tcpdump, such as interface selection, and file size settings, see the Tcpdump website.
Capture and decrypt HTTPS traffic
When WireShark or other capture tools create a .pcap file containing HTTPS traffic, the HTTPS raw data is encrypted and cannot be recorded into a Vuser script. To enable TLS (SSL) decryption, you can generate a key log file on the capture machine. The key log file is a text file created by browsers such as Firefox or Chrome.
Before capturing the traffic file, check that the following is set up:
- The key log file has been generated at the defined location. This requires defining the path in the SSLKEYLOGFILE system variable.
- The key settings are defined for the capture tool.
For more information, see the documentation for the relevant capture tool.
When VuGen converts the .pcap file into a Web - HTTP/HTML Vuser script, it uses the generated key log file to decrypt the data and publish it as text.
Known issues:
- HTTP/2 traffic is not supported.
-
In some cases, the recorded URL is displayed in the generated script with http:// instead of https:// at the start of the URL.
Workaround: Manually change http to https.
Tips for creating .pcap files
Use the following tips to ensure successful generation of your files:
-
To generate a smaller, more manageable script, try to capture the network traffic only for the time that you perform actions in your application.
-
When using external tools, make sure that all packet data is being captured and none of it is being truncated.
-
For command line capture utilities, make sure to provide all of the required arguments.
Troubleshooting missing packets
Issue: Your script is missing steps you recorded into a capture file.
You encounter the following warning in the Output Pane> Code generation tab:
Warning: One or more responses are missing or have missing packets. Therefore, a step may appear to be missing in the script. This issue can be caused if the recording was stopped before all the responses were received. If the script is generated from a .pcap file, check if the file has missing packets.
This error may be caused by unnecessary network activity on the recorded machine, which can cause the capturing application to drop packets.
Steps to Resolve: Ensure that the capturing machine has no unnecessary network traffic in the background.
Workaround for Mobile Applications - HTTP/HTML scripts: You can circumvent this issue using the Recording options. Select Recording Options > HTTP Properties > Advanced > Generate steps with missing responses to generate steps for HTTP requests that are missing server responses.
See also: