AppendixEven if the only HTTP traffic that you deliberately generated during the capture
session was through the downloader program, it's possible that we'll see more HTTP
packets than just those. This is because some programs, such as file cloud storage
clients, communicate with their services in the background quite frequently through
HTTP. Also, Wireshark currently identifies SSDP protocol packets as HTTP, since
SSDP is derived from HTTP.
Not a problem though, we can refine our filter. The unique identifying feature of our
downloader packets is the server that we communicated with, http://www.ietf.org. If we
take a look at the packet list, you can see that the source and destination addresses of
the captured packets are IP addresses, so before we write our new filter, we need to
find out the IP address of http://www.ietf.org.