Q. For my academic project I would like to monitor and analyze data transferred via HTTP. How do I monitor HTTP packets?
A. The easiest way is to use the tcpdump command, which dumps traffic on a network. Tcpdump prints the headers of packets on a network interface that match the given criteria, for example traffic on port 80 for HTTP.
It can also be run with the -w flag, which saves the packet data to a file for later analysis, and/or with the -r flag, which reads from a saved packet file rather than from a network interface.
Type the following command at shell prompt:
# tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80
Where,
- -n : Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
- -i eth0 : Specify interface to capture data.
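- -s 0 : Capture snaplen bytes of data from each packet rather than the default of 68. Setting it to 0 means use the required length to catch whole packets.
- -w output.txt : Save the packet data to the file output.txt.
- src or dst port 80 : Capture only packets whose source or destination port is 80.
Now open a browser, load your site, and generate some traffic. When finished, stop tcpdump and open the output.txt file to analyze the data. Because -w saves raw packet data rather than text, read the file back with the -r flag described above.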
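An added example, not part of the original article: a minimal Python reader for the classic pcap format that tcpdump -w writes, listing the HTTP request and response start lines found in a port 80 capture. The sample capture is constructed inline, the function names are hypothetical, and only Ethernet/IPv4 captures are handled.

```python
import struct

def _frame(sport, dport, payload):
    # Constructed Ethernet/IPv4/TCP frame (checksums left as zero) for the sample.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_sample_pcap():
    # Constructed capture: a request, a response and an empty TCP segment.
    frames = [_frame(40000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
              _frame(80, 40000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
              _frame(40000, 80, b"")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def http_start_lines(pcap):
    """Return (src_port, dst_port, start_line) for each HTTP message start on port 80."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    found, off = [], 24                                  # records follow the 24-byte header
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                     # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4                # IP header length varies
        if len(frame) < tcp + 20:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # excludes Ethernet padding
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        line = data.split(b"\r\n", 1)[0]
        is_start = line.startswith(b"HTTP/") or line.endswith((b" HTTP/1.0", b" HTTP/1.1"))
        if 80 in (sport, dport) and is_start:
            found.append((sport, dport, line.decode("ascii", "replace")))
    return found

if __name__ == "__main__":
    for sport, dport, line in http_start_lines(build_sample_pcap()):
        print(f"{sport} -> {dport}: {line}")
```

To run it on a real capture, pass the bytes of the saved file, for example http_start_lines(open("output.txt", "rb").read()).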
2 comments:
I have Fedora Core 6.0 with an attached Samsung ML – 1610 printer. Now I want to access that printer from Windows 2000 Professional. Should I access that printer or not? If yes, then how?
Thanks
The best HTTP sniffer I have ever seen on Linux is justniffer. It is able to produce logs like an Apache web server, and you can add all other HTTP header fields.