z0mbix/tcpdump-es-capture

## tcpdump-es-capture
# tcpdump -A -nn -s 0 'tcp dst port 9200 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
14:32:33.525122 IP 127.0.0.1.49777 > 127.0.0.1.9200: Flags [P.], seq 313752908:313753888, ack 2465010394, win 257, options [nop,nop,TS val 2684167067 ecr 2684167066], length 980
E...^.@.@............q#...}L...............
..#...#.GET /index/_search HTTP/1.1
Host: 127.0.0.1:9200
Accept: */*
Content-Length: 845
Content-Type: application/x-www-form-urlencoded

{"aggs":{"colour":{"terms":{"field":"colour","size":30}},"brand_raw":{"terms":{"field":"brand_raw","size":50},"aggs":{"slug":{"terms":{"field":"brand_slug","size":1}}}},"retailer_raw":{"terms":{"field":"retailer_raw","size":50},"aggs":{"slug":{"terms":{"field":"retailer_slug","size":1}}}},"min_price":{"min":{"field":"price"}},"max_price":{"max":{"field":"price"}},"category":{"terms":{"field":"category","order":{"_term":"asc"},"size":0}}},"size":48,"sort":{"_script":{"script":"doc['special_price'].value > 0 ? doc['special_price'].value : doc['price'].value","type":"number","order":"asc"}},"query":{"filtered":{"query":{"bool":{"must":[{"match_all":{}}]}},"filter":{"bool":{"must":[{"match_all":{}},{"bool":{"should":[{"type":{"value":"product"}},{"type":{"value":"product"}}]}}],"must_not":[{"term":{"retailer":"internal"}}]}}}}}
^C
1 packets captured
2 packets received by filter
0 packets dropped by kernel
	# tcpdump -A -nn -s 0 'tcp dst port 9200 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo
	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
	listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
	14:32:33.525122 IP 127.0.0.1.49777 > 127.0.0.1.9200: Flags [P.], seq 313752908:313753888, ack 2465010394, win 257, options [nop,nop,TS val 2684167067 ecr 2684167066], length 980
	E...^.@.@............q#...}L...............
	..#...#.GET /index/_search HTTP/1.1
	Host: 127.0.0.1:9200
	Accept: /
	Content-Length: 845
	Content-Type: application/x-www-form-urlencoded

	{"aggs":{"colour":{"terms":{"field":"colour","size":30}},"brand_raw":{"terms":{"field":"brand_raw","size":50},"aggs":{"slug":{"terms":{"field":"brand_slug","size":1}}}},"retailer_raw":{"terms":{"field":"retailer_raw","size":50},"aggs":{"slug":{"terms":{"field":"retailer_slug","size":1}}}},"min_price":{"min":{"field":"price"}},"max_price":{"max":{"field":"price"}},"category":{"terms":{"field":"category","order":{"_term":"asc"},"size":0}}},"size":48,"sort":{"_script":{"script":"doc['special_price'].value > 0 ? doc['special_price'].value : doc['price'].value","type":"number","order":"asc"}},"query":{"filtered":{"query":{"bool":{"must":[{"match_all":{}}]}},"filter":{"bool":{"must":[{"match_all":{}},{"bool":{"should":[{"type":{"value":"product"}},{"type":{"value":"product"}}]}}],"must_not":[{"term":{"retailer":"internal"}}]}}}}}
	^C
	1 packets captured
	2 packets received by filter
	0 packets dropped by kernel