UPWORK/ODESK guru: Tips and Tricks for clients

skype: upwork.link , email: info@upwork.link

How to display HTTP Headers via tcpdump

without comments

To display the HTTP Headers using just tcpdump the following syntax can be used :

You can read – tcpdump_advanced_filters
or http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt

Analyzing:

cat /tmp/tcpdump* | sed -e s/^.*Host:/Host:/ | egrep Host | sort | uniq -c

1.

tcpdump -vvv -s 1024 -i eth0 -l -A  "src X.X.X.X and (dst port 80 or dst port 443)" | egrep 'User-Agent|Host'

2. To monitor HTTP traffic including request and response headers and message body:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

3. To monitor HTTP traffic including request and response headers and message body from a particular source:

tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

4. To monitor HTTP traffic including request and response headers and message body from local host to local host:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo

Written by spectre

November 23rd, 2014 at 11:39 pm

Leave a Reply

*