Last active
August 29, 2015 13:58
-
-
Save zushane/10135707 to your computer and use it in GitHub Desktop.
monitor httpd via tcpdump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # tcpdump filter for HTTP GET | |
| sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' | |
| # tcpdump filter for HTTP POST | |
| sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GET looks for the bytes 'G', 'E', 'T', and ' ' (hex values 47, 45, 54, and 20) just after the TCP header.
POST looks for the bytes 'P', 'O', 'S', and 'T' (hex values 50, 4f, 53, 54) just after the TCP header.