@holydevil
Created November 5, 2013 01:28
tcpdump to list HTTP requests (source: http://stackoverflow.com/a/16610385)
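# open the tcpdump man page at its EXAMPLES section
man tcpdump | less -Ip examples
# tcpdump filter for HTTP GET
# (tcp[12:1] & 0xf0) >> 2 is the TCP header length in bytes, so the 4 bytes read
# at that offset are the first 4 bytes of the payload; 0x47455420 is ASCII "GET "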
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
# tcpdump filter for HTTP POST (0x504f5354 is ASCII "POST"), limited to traffic sent to port 80
sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
# monitor HTTP traffic including request and response headers and message body
# cf. https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
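# the expression is IP total length - IP header length - TCP header length,
# so only segments that carry payload are shown (IPv4 only, cleartext port 80 only)
# -A prints each packet as ASCII
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
# -X prints each packet as hex and ASCII
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'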
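
The constants in the GET and POST filters above are the ASCII bytes of the method name. As an added example (not part of the original gist), this shell function builds the same kind of filter for any payload prefix, splitting prefixes longer than 4 bytes into the 4-, 2- and 1-byte loads that the filter syntax supports. The function name payload_prefix_filter is hypothetical.

```shell
#!/bin/sh
# Added example, not from the gist: print a tcpdump expression that matches
# TCP segments whose payload starts with the given ASCII string.
payload_prefix_filter() {
    prefix=$1
    # Same payload offset as the gist's filters: the high nibble of TCP byte 12
    # is the header length in 32-bit words, and (x & 0xf0) >> 2 is that in bytes.
    off='((tcp[12:1] & 0xf0) >> 2)'
    # Hex-encode the prefix, e.g. "GET " -> 47455420
    hex=$(printf '%s' "$prefix" | od -An -tx1 | tr -d '[:space:]')
    [ -n "$hex" ] || { echo "empty prefix" >&2; return 1; }
    pos=0
    filter=''
    while [ -n "$hex" ]; do
        # proto[expr:size] accepts sizes 1, 2 and 4: take the widest that fits
        if [ ${#hex} -ge 8 ]; then size=4
        elif [ ${#hex} -ge 4 ]; then size=2
        else size=1
        fi
        chunk=$(printf '%s' "$hex" | cut -c1-$((size * 2)))
        hex=$(printf '%s' "$hex" | cut -c$((size * 2 + 1))-)
        if [ "$pos" -eq 0 ]; then at=$off; else at="$off + $pos"; fi
        filter="${filter:+$filter and }tcp[$at:$size] = 0x$chunk"
        pos=$((pos + size))
    done
    printf '%s\n' "$filter"
}

# Reproduces the gist's GET constant, then a 7-byte prefix split into 4+2+1 bytes
payload_prefix_filter 'GET '
payload_prefix_filter 'DELETE '

# Usage with tcpdump (needs capture privileges):
#   sudo tcpdump -s 0 -A "tcp dst port 80 and ($(payload_prefix_filter 'DELETE '))"
```

Include the trailing space in the prefix (as in 'GET ') so that a longer token beginning with the same letters does not match.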