KrustyHack/Use TCPDUMP to Monitor HTTP Traffic.md

Last active January 26, 2021 13:17

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/KrustyHack/54e9298a963bfac04a2f7e199074d381.js"></script>
Save KrustyHack/54e9298a963bfac04a2f7e199074d381 to your computer and use it in GitHub Desktop.

Download ZIP

Kubernetes and Shit

Raw

Use TCPDUMP to Monitor HTTP Traffic.md

To monitor HTTP traffic including request and response headers and message body:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To monitor HTTP traffic including request and response headers and message body from a particular source:

tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To monitor HTTP traffic including request and response headers and message body from local host to local host:

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo

To only include HTTP requests, modify “tcp port 80” to “tcp dst port 80” in above commands
Capture TCP packets from local host to local host

tcpdump -i lo

Credits to https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment