-
-
Save xikaos/710d8b726e727161bfd0833a8b229005 to your computer and use it in GitHub Desktop.
tcpdump http monitor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~// WARNING: The command DOES NOT WORK if you don't have root access to yout network device. Prepend sudo if you are not root. \\~ | |
| Use TCPDUMP to Monitor HTTP Traffic | |
| 1. To monitor HTTP traffic including request and response headers and message body: | |
| tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | |
| 2. To monitor HTTP traffic including request and response headers and message body from a particular source: | |
| tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | |
| 3. To monitor HTTP traffic including request and response headers and message body from local host to local host: | |
| tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo | |
| 4. To only include HTTP requests, modify “tcp port 80” to “tcp dst port 80” in above commands | |
| 5. Capture TCP packets from local host to local host | |
| tcpdump -i lo | |
| Source: https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment