About Network Analysis for SharePoint
Network traffic analysis is crucial for debugging SharePoint Online issues, understanding API calls, and monitoring authentication flows. Whether you're troubleshooting performance problems, authentication failures, or API errors, capturing and analyzing network traffic provides invaluable insights into the root cause of issues.
Download Fiddler
Official Download: Telerik Fiddler Classic or Fiddler Everywhere
Choose Fiddler Classic for Windows or Fiddler Everywhere for cross-platform support.
Tool Options: Fiddler vs Browser Developer Tools
Method 1: Fiddler (Advanced Analysis)
Best for: Deep HTTP analysis, HTTPS decryption, advanced filtering, and professional debugging scenarios.
Installation and Setup
- Download Fiddler: Get Fiddler Classic (Windows) or Fiddler Everywhere (cross-platform)
- Install Application: Run installer with administrator privileges
- Configure HTTPS Decryption: Tools > Options > HTTPS tab
- Enable HTTPS Capture: Check "Capture HTTPS CONNECTs" and "Decrypt HTTPS traffic"
- Install Certificate: Click "Install Certificate" and trust the Fiddler root certificate
- Restart Browser: Close and reopen browsers to pick up proxy settings
SharePoint-Specific Configuration
# Fiddler Filters for SharePoint Online
Host: *.sharepoint.com
Host: *.microsoftonline.com
Host: *.office.com
Host: *.windows.net
# Filter by Request Methods
Method: POST # API calls, form submissions
Method: GET # Page loads, resource requests
Method: PUT # Updates and modifications
Method: DELETE # Deletion operations
# Filter by Response Codes
Status: 4** # Client errors (401, 403, 404, etc.)
Status: 5** # Server errors (500, 503, etc.)
Status: 200 # Successful requests
Advanced Fiddler Features
- AutoResponder: Mock API responses for testing scenarios
- Composer: Craft and send custom HTTP requests
- Timeline View: Visualize request timing and dependencies
- Request Comparison: Compare similar requests to identify differences
- Script Debugging: Custom FiddlerScript for automated analysis
Method 2: Browser Developer Tools (Quick Analysis)
Best for: Quick debugging, basic network analysis, and scenarios where Fiddler installation isn't possible.
Step-by-Step Process
- Open Developer Tools: Press F12 in Chrome, Edge, or Firefox
- Navigate to Network Tab: Click on the "Network" tab in developer tools
- Clear Existing Entries: Click the clear button (🚫) to remove old network entries
- Enable Recording: Ensure recording is enabled (red circle should be visible)
- Reproduce Issue: Perform the action that causes the SharePoint problem
- Analyze Results: Look for failed requests (red entries) and examine response details
Browser DevTools Analysis Features
- Request Headers: Examine authentication tokens, user agents, and custom headers
- Response Analysis: View response bodies, headers, and status codes
- Timing Information: Analyze request timing breakdown (DNS, SSL, response time)
- Initiator Tracking: See which script or action triggered each request
- Resource Filtering: Filter by domain, file type, or response status
# Useful Browser DevTools Filters
# Filter by domain
sharepoint.com
microsoftonline.com
# Filter by status codes
status-code:4* # Client errors
status-code:5* # Server errors
status-code:200 # Successful requests
# Filter by request methods
method:POST
method:GET
# Filter by resource type
xhr # AJAX requests
fetch # Fetch API calls
doc # Documents/pages
SharePoint Correlation ID: Critical for Support
Understanding Correlation IDs
Every SharePoint Online request generates a unique Correlation ID that Microsoft support uses to trace issues in their logs. This ID is essential for effective support interactions and should always be captured when reporting problems.
Where to Find Correlation IDs
- Error Pages: Displayed prominently in SharePoint error messages
- HTTP Headers: Found in response headers as "SPRequestGuid" or "request-id"
- Browser Console: Sometimes logged in JavaScript console errors
- ULS Logs: Recorded in SharePoint's Unified Logging System
Capturing Correlation IDs
# In Fiddler - Look for these headers in responses:
SPRequestGuid: 12345678-1234-1234-1234-123456789012
request-id: 87654321-4321-4321-4321-210987654321
X-SharePointHealthScore: 1
# In Browser DevTools - Check Response Headers:
1. Select failed request
2. Click Headers tab
3. Look in Response Headers section
4. Find SPRequestGuid or request-id value
Common SharePoint HTTP Response Codes
Success Codes (2xx)
200 OK - Request successful, content returned
201 Created - Resource created successfully (new item/document)
202 Accepted - Request accepted for processing (async operations)
204 No Content - Successful operation with no content (DELETE, some PUTs)
Client Error Codes (4xx) - SharePoint Specific
400 Bad Request - Invalid request syntax or malformed data
401 Unauthorized - Authentication required or failed
403 Forbidden - User lacks permissions for the resource
404 Not Found - Site, list, item, or resource doesn't exist
409 Conflict - Resource already exists or version conflict
412 Precondition Failed - If-Match header doesn't match current ETag
413 Payload Too Large - File upload exceeds size limits (100GB max)
415 Unsupported Media - File type blocked by admin policy
429 Too Many Requests - Rate limiting or throttling applied
Server Error Codes (5xx) - SharePoint Specific
500 Internal Server Error - General server error, check Correlation ID
503 Service Unavailable - Service temporarily unavailable or throttled
504 Gateway Timeout - Request timeout (large operations, slow networks)
507 Insufficient Storage - Site storage quota exceeded
Practical Analysis Scenarios
Authentication and Login Issues
Authentication Flow Analysis
Monitor these key URLs during authentication problems:
# OAuth Authentication Flow URLs
https://login.microsoftonline.com/*/oauth2/authorize
https://login.microsoftonline.com/*/oauth2/token
https://*.sharepoint.com/_forms/default.aspx
https://*.sharepoint.com/_trust/
# Common Authentication Response Codes
302 - Normal redirect during OAuth flow
401 - Authentication failed or expired
403 - User account disabled or conditional access blocked
API Call Debugging
# SharePoint REST API Endpoints to Monitor
/_api/web/lists # List operations
/_api/web/currentuser # Current user context
/_api/search/query # Search operations
/_vti_bin/client.svc # Client object model calls
/_layouts/15/basepage.aspx # Page rendering
# Key Headers to Examine
Accept: application/json;odata=verbose
Content-Type: application/json;odata=verbose
Authorization: Bearer [token]
X-RequestDigest: [form digest value]
If-Match: [etag for updates]
Performance Analysis
- Request Timing: Identify slow API calls and resource loading
- Payload Size: Check for oversized responses or uploads
- Concurrent Requests: Monitor request parallelization and dependencies
- Caching Behavior: Verify cache headers and browser caching efficiency
- CDN Performance: Analyze Office 365 CDN usage and effectiveness
Best Practices for Network Analysis
Data Collection
- Clear Cache First: Start with clean browser cache to avoid misleading results
- Reproduce Consistently: Ensure the issue can be reproduced reliably
- Capture Complete Flows: Start recording before the issue occurs
- Document Context: Note user actions, timing, and environmental factors
- Save Sessions: Export Fiddler sessions or save HAR files for later analysis
Analysis Methodology
- Start with Errors: Focus on failed requests (4xx, 5xx status codes) first
- Check Authentication: Verify OAuth flows and token validity
- Examine Timing: Identify performance bottlenecks and slow requests
- Validate Headers: Ensure required headers are present and correct
- Compare Working vs Broken: Analyze differences between successful and failed scenarios
Security and Privacy
- Sensitive Data Handling: Be cautious with authentication tokens and personal data
- Certificate Trust: Only install Fiddler certificates on development machines
- Session Sharing: Sanitize captures before sharing with others
- Compliance Considerations: Follow organizational policies for network monitoring
Troubleshooting Common Network Issues
Fiddler Not Capturing HTTPS Traffic
- Verify HTTPS decryption is enabled in Fiddler options
- Check that Fiddler certificate is installed and trusted
- Restart browser after enabling HTTPS capture
- Verify proxy settings aren't being overridden
- Try disabling antivirus HTTPS scanning temporarily
Browser DevTools Missing Network Data
- Ensure Network tab is open before reproducing the issue
- Check that recording is enabled (red circle visible)
- Clear network log and try again
- Disable browser extensions that might interfere
- Try in incognito/private mode to rule out cache issues
SharePoint-Specific Network Issues
- CORS Errors: Cross-origin request issues with SharePoint APIs
- Request Digest Expiration: Form digest values timing out for POST operations
- Authentication Token Renewal: OAuth token refresh failures
- Throttling Responses: 429 status codes indicating rate limiting
Integration with Other SharePoint Tools
PowerShell Correlation
# Use network analysis to validate PowerShell operations
# Example: Monitor API calls during PowerShell execution
# In Fiddler/DevTools, look for these patterns during PowerShell:
POST /_vti_bin/client.svc/ProcessQuery
GET /_api/web/lists/getbytitle('ListName')
POST /_api/web/lists/getbytitle('ListName')/items
# Correlation with PowerShell error messages:
# Match Correlation IDs from network traffic with PowerShell exceptions
Search Query Tool Validation
- API Call Verification: Confirm search queries are reaching the search service
- Result Processing: Analyze how search results are formatted and returned
- Performance Metrics: Compare query execution times across different methods
- Error Diagnosis: Identify search service communication failures
About the Author: Nagendra Jayaram is a Microsoft Sr Technical Advisor with 18+ years of enterprise experience specializing in SharePoint Online troubleshooting and network analysis.