How to capture all the HTTP packets using tcpdump


Question

I want to run tcpdump with some parameters (still don't know which to use), then load this stackoverflow.com page.

The output should be the HTTP communication. Later I want to use it as a shell script, so whenever I want to check the HTTP communication of a site site.com I can just run script.sh site.com

The HTTP communication should be simple enough, like the following.

GET /questions/9241391/how-to-capture-all-the-http-communication-data-using-tcp-dump
Host: stackoverflow.com
... 
...

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Length: 35061
Content-Type: text/html; charset=utf-8
Expires: Sat, 11 Feb 2012 15:36:46 GMT
Last-Modified: Sat, 11 Feb 2012 15:35:46 GMT
Vary: *
Date: Sat, 11 Feb 2012 15:35:45 GMT


....
decoded deflated data
....

Now, could you tell me which options I should use with tcpdump to capture it?

Recommended answer

It can be done with ngrep:

ngrep -q -d eth1 -W byline host stackoverflow.com and port 80 
       ^  ^       ^         ^        
       |  |       |         |
       |  |       |         |
       |  |       |         v
       |  |       |         filter expression
       |  |       |         
       |  |       +-->  -W  is set the dump format ("normal", "byline", "single", "none")
       |  |
       |  +---------->  -d  is use specified device instead of the pcap default
       |
       +------------->  -q  is be quiet ("don't print packet reception hash marks")
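Since the question asks for tcpdump specifically, here is an added example (not part of the question or the answer above) of the script.sh the asker describes, built on tcpdump alone. It uses the payload-offset expression from the tcpdump manual, tcp[((tcp[12:1] & 0xf0) >> 2):4], to keep only segments that start with "GET ", "POST" or "HTTP", so ACKs and mid-stream segments are dropped. The interface name eth0 and the function names are assumptions for the example.

```shell
#!/bin/sh
# http_capture.sh -- added example (not from the original question or answer).
# Usage: ./http_capture.sh site.com [interface]
#
# Builds a tcpdump command that prints, in ASCII, only the TCP segments that
# begin an HTTP request ("GET ", "POST") or response ("HTTP") for one host.
# The BPF expression tcp[((tcp[12:1] & 0xf0) >> 2):4] reads the first four
# payload bytes: tcp[12:1] holds the TCP data-offset nibble in its high four
# bits, and (x & 0xf0) >> 2 converts it from 32-bit words to a byte offset.

# Hex encoding of a string padded/truncated to 4 bytes, e.g. "GET " -> 47455420
word32_hex() {
    printf '%-4.4s' "$1" | od -An -tx1 | tr -d ' \n'
}

# BPF filter: traffic to/from HOST on port 80 whose payload starts with one
# of the request-method / response prefixes below.
http_filter() {
    host="$1"
    payload='tcp[((tcp[12:1] & 0xf0) >> 2):4]'
    expr=''
    for prefix in 'GET ' 'POST' 'HTTP'; do
        hex=$(word32_hex "$prefix")
        if [ -z "$expr" ]; then
            expr="$payload = 0x$hex"
        else
            expr="$expr or $payload = 0x$hex"
        fi
    done
    printf '%s' "host $host and tcp port 80 and ($expr)"
}

# Full command line. -nn: no name/port resolution, -l: line-buffered so the
# output can be piped, -A: print payload as ASCII, -s 0: capture full segments.
http_capture_cmd() {
    iface="$1"
    host="$2"
    printf "tcpdump -i %s -nn -l -A -s 0 '%s'" "$iface" "$(http_filter "$host")"
}

run_capture() {
    host="$1"
    iface="${2:-eth0}"   # assumption: eth0 is the capture interface; pass yours
    echo "# $(http_capture_cmd "$iface" "$host")" >&2
    exec tcpdump -i "$iface" -nn -l -A -s 0 "$(http_filter "$host")"
}

# Only start capturing when a site was given, so sourcing the file has no
# side effects and the helper functions can be reused elsewhere.
if [ "$#" -gt 0 ]; then
    run_capture "$@"
fi
```

Two caveats a practitioner will hit: tcpdump needs root or CAP_NET_RAW, and -A prints the payload as raw bytes, so a gzip- or deflate-encoded response body shows up as binary rather than the "decoded deflated data" in the question; write the capture to a file with -w and use Wireshark's "Follow TCP stream" if you need the body decompressed. Traffic on port 443 never appears as HTTP here, because it is encrypted before tcpdump sees it.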

