How can I sniff/dump HTTP protocol as ASCII for a port with tcpdump or alternative?
Solution 1
ngrep is very useful for this. Something as simple as
ngrep -W byline port 80
would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:
ngrep -W byline some_string port 80
Solution 2
If you wanted to use tcpdump, a command like this
tcpdump -s 0 -A -qn filters
should give you what you want. The -s 0 sets the packet size and -A dumps ASCII. Instead of -A you might also like -X, which will provide you the output in a hexdump style format.
You could also use Wireshark, and once you are done capturing, just right-click on one of the packets and select 'Follow TCP Stream'.
Solution 3
I've done quite a lot of this with Wireshark. Sniff the traffic I want with tcpdump, ship it to somewhere I can launch Wireshark, and then view the trace with Wireshark. Tracing the TCP session gives me the request and answer in a nice ASCII form. Works great.
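On a host without X11, a capture saved with tcpdump -s 0 -w can also be read back as ASCII without Wireshark. The following is an added example, not part of any answer above: a standard-library Python reader for classic pcap files that returns the TCP payload for one port. It assumes Ethernet framing (linktype 1, which a capture on a single Ethernet or Linux lo interface uses) and IPv4; the function names, port 8080 and the sample packet are constructed for illustration.

```python
import struct

def tcp_payloads(pcap, port):
    """Yield (src, dst, text) per data-carrying TCP segment to or from `port`.
    Handles classic pcap, Ethernet framing (linktype 1), IPv4 only."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pos = 24                                    # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        ip = frame[14:]
        if len(ip) < 40 or frame[12:14] != b"\x08\x00" or ip[9] != 6:
            continue                            # keep IPv4 + TCP only
        ihl = (ip[0] & 0x0F) * 4
        end = struct.unpack("!H", ip[2:4])[0] or len(ip)   # trims link padding
        tcp = ip[ihl:end]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]         # skip TCP header and options
        if data and port in (sport, dport):
            src = ".".join(map(str, ip[12:16])) + f":{sport}"
            dst = ".".join(map(str, ip[16:20])) + f":{dport}"
            # Like tcpdump -A: keep printable ASCII and newlines, dot the rest
            text = "".join(chr(b) if 32 <= b < 127 or b in (9, 10, 13) else "."
                           for b in data)
            yield src, dst, text

def sample_capture():
    """Constructed one-packet capture: a POST to 127.0.0.1:8080 carrying XML."""
    body = (b"POST /api HTTP/1.1\r\nHost: localhost:8080\r\n"
            b"Content-Type: text/xml\r\n\r\n<ping/>")
    eth = bytes(12) + b"\x08\x00"               # zero MACs, EtherType IPv4
    lo = bytes([127, 0, 0, 1])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0, lo, lo)
    tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 1, 1, 0x50, 0x18, 65535, 0, 0)
    frame = eth + ip + tcp + body
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for src, dst, text in tcp_payloads(sample_capture(), 8080):
        print(f"{src} > {dst}\n{text}\n")
```

Segments come back in capture order with no TCP reassembly, so a long request or response body is spread over several entries.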
joshbivens
Updated on September 17, 2022
Comments
-
joshbivens almost 2 years
I need to view how an application is sending and receiving traffic through an HTTP protocol that it communicates on localhost (it has an embedded port coded with .gz). I'm sure it's some XML that it sends and receives, but I want to sniff it and then analyze it.
Is this possible somehow with tcpdump? There I can see only that it connects, but not the actual send/receive.
-
MrGigu almost 14 years
Your use of .gz makes me think this is on Linux? You might want to specify.
-
joshbivens almost 14 years
Yes, but I don't have an X11 interface, tcpdump is fine :) thank you
-
Zoredache almost 14 years
You could always use a forwarded X11 through SSH to your workstation. You could
tcpdump -s 0 -w filename.dmp
to save a capture which you can open from Wireshark somewhere else.
-
franzlorenzon about 11 years
You need root permissions to run this, right?