Using TShark

Today I realized this blog lost its google analytics (GA) tracking. Ooops, I accidentally erased the javascript that talks to Google Analytics in my blog template. I fixed the template on my blog, and wanted to verify my browser was sending data to GA. It takes the GA UI a while to show you data is coming in, so I decided to use tshark to see if my tracker code is working.

Tshark is the command line version of Wireshark, an Ethernet level packet sniffer. Lets see what HTTP GETs occur when I connect to one of my posts:

C:\Program Files\Wireshark>tshark.exe | findstr GET
Capturing on Microsoft
1) 67.936320 192.168.1.100 -> 64.233.169.191 HTTP GET  /2009/07/finding-clr-exceptions-with-visual.html HTTP/1.1 
2) 68.211983 192.168.1.100 -> 64.233.169.191 HTTP GET /dyn-css/authorization.css?targetBlogID=7821316&zx=defa99ec-5585-4463-a42d-a32bf4868482 HTTP/1.1
3) 68.393167 192.168.1.100 -> 64.233.169.139 HTTP GET  /__utm.gif?utmwv=4.5.8&utmn=1895005015&utmhn=ig2600.blogspot.com&utmcs=UTF-8&utmsr=1600x1200&utmsc=32-bit&ut
mul=en-us&utmje=1&utmfl=10.0%20r32&utmdt=Igor%27s%20Computer%20Blog%3A%20Finding%20CLR%20exceptions%20without%20visual%20studio&utmhid=396081822&utmr=0&utmp=%2F
2009%2F07%2Ffinding-clr-exceptions-with-visual.html&utmac=UA-6806517-1&utmcc=__utma%3D91978370.809539203.1241314101.1255744665.1255763228.10%3B%2B__utmz%3D91978
370.1255744665.9.3.utmcsr%3Dblogger.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2Fhtml%3B HTTP/1.1 
4) 68.393325 192.168.1.100 -> 64.233.169.191 HTTP GET /navbar.g?targetBlogID=7821316&blogName=Igor%27s+Computer+Blog&publishMode=PUBLISH_MODE_BLOGSPOT&navbarType=
BLUE&layoutType=LAYOUTS&searchRoot=http%3A%2F%2Fig2600.blogspot.com%2Fsearch&blogLocale=en_US&homepageUrl=http%3A%2F%2Fig2600.blogspot.com%2F&targetPostID=61412
67244510925043 HTTP/1.1
5) 68.517559 192.168.1.100 -> 64.233.169.191 HTTP GET /2009/07/finding-clr-exceptions-with-visual.html?action=backlinks&widgetId=Blog1&widgetType=Blog&responseTyp
e=js&postID=6141267244510925043 HTTP/1.1
6) 68.601057 192.168.1.100 -> 64.233.169.118 HTTP GET /gadgets/ifr?url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fmembers.xml&container=peoplesense&p
arent=http%3A%2F%2Fig2600.blogspot.com%2F&mid=0&view=profile&libs=opensocial-0.8%3Askins%3Adynamic-height%3Agoogle.blog&v=0.463.3〈=en&country=US&communityId
=02722510552710003866&caller=http%3A%2F%2Fig2600.blogspot.com%2F2009%2F07%2Ffinding-clr-exceptions-with-visual.html HTTP/1.1
7) 68.807944 192.168.1.100 -> 64.233.169.118 HTTP GET /gadgets/deps.js HTTP/1.1

What is that __utm.gif we GET in frame 3? How strange that it includes my screen resolution. A quick bing search finds this is indeed the connection to GA. So, my tracking code is good, and you should go learn how to use tshark.