@grantpullen
Created June 22, 2020 11:47

Display live HTTP traffic to console on a specified port for all interfaces

tcpdump -A -i any 'port 1333 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

The example above captures all TCP traffic on port 1333 and filters out the TCP session setup packets (SYN / FIN / ACK), which carry no payload.

  • -A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.
  • -i any Include all interfaces
  • port 1333 Only look at TCP traffic to/from port 1333
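  • (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) Filters out the TCP session setup (SYN / FIN / ACK): IP total length minus IP header length minus TCP header length is the TCP payload size, so only packets that carry data match.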
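
To see why that expression drops handshake packets, the following added example (not part of the original gist) redoes the filter's arithmetic in Python on constructed IPv4/TCP packets. The helper names, addresses and sample packets are assumptions made for illustration.

```python
import struct

def build_ipv4_tcp(payload=b"", flags=0x10, ip_options=b"", tcp_options=b""):
    """Constructed sample packet: IPv4 + TCP to port 1333, checksums left at zero."""
    assert len(ip_options) % 4 == 0 and len(tcp_options) % 4 == 0
    ip_hlen, tcp_hlen = 20 + len(ip_options), 20 + len(tcp_options)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x40 | (ip_hlen // 4),                 # version 4, IHL in 32-bit words
                     0, ip_hlen + tcp_hlen + len(payload),  # TOS, total length
                     0, 0, 64, 6, 0,                        # id, frag, TTL, proto=TCP, checksum
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 1333, 1, 1,
                      (tcp_hlen // 4) << 4,                 # data offset in the high nibble
                      flags, 65535, 0, 0)
    return ip + ip_options + tcp + tcp_options + payload

def tcp_payload_len(pkt):
    """Same arithmetic as the tcpdump expression, term by term."""
    ip_total = int.from_bytes(pkt[2:4], "big")    # ip[2:2]  total length field
    ip_hlen = (pkt[0] & 0x0F) << 2                # (ip[0]&0xf)<<2  IHL words -> bytes
    tcp_hlen = (pkt[ip_hlen + 12] & 0xF0) >> 2    # (tcp[12]&0xf0)>>2, tcp[] starts after IP header
    return ip_total - ip_hlen - tcp_hlen

def filter_matches(pkt):
    """True when tcpdump would print the packet (non-empty TCP payload)."""
    return tcp_payload_len(pkt) != 0

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed sample request

SAMPLES = {
    "SYN with 20 bytes of TCP options": build_ipv4_tcp(flags=SYN, tcp_options=b"\x01" * 20),
    "bare ACK": build_ipv4_tcp(flags=ACK),
    "FIN/ACK": build_ipv4_tcp(flags=FIN | ACK),
    "HTTP request (PSH/ACK)": build_ipv4_tcp(REQUEST, flags=PSH | ACK),
    "data behind IP options": build_ipv4_tcp(b"hello", flags=PSH | ACK, ip_options=b"\x01" * 4),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        shown = "shown" if filter_matches(pkt) else "dropped"
        print(f"{name:34} payload={tcp_payload_len(pkt):3}  {shown}")
```

Because the expression reads the header through ip[...], it only matches IPv4 packets; IPv6 traffic on the port is not displayed by this filter.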