Monitor or sniff Apache http packets

Q. For my academic project I would like to monitor and analyze data transferred via HTTP. How do I monitor HTTP Packets?

A. The easiest way is to use tcpdump program/command, which dumps traffic on a network. Tcpdump prints out the headers of packets on a network interface that match the given criteria such as monitor port 80 for http.

It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface.

Type the following command at shell prompt:

# tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80


  • -n : Don’t convert addresses (i.e., host addresses, port numbers, etc.) to names.
  • -i eth0 : Specify interface to capture data.
  • -s 0 : Snarf snaplen bytes of data from each packet rather than the default of 68. Setting to 0 means use the required length to catch whole packets.
  • -w output.txt : Save data to output.txt file
  • src or dst port 80 : Capture port 80.

Now open a browser and run your site and do other stuff. When finished stop tcpdump and open output.txt file for analyze data.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • Harshal Jani Feb 12, 2007 @ 13:44

    i have Fedora Core 6.0 and attach Printer Samsung ML – 1610. now i want to access that printer from Windows 2000 professional. Should i access that printer or not? if yes than how?

  • Diodore May 12, 2012 @ 14:59

    the best http sniffer I ever seen on linux is justniffer . It is able to produce logs as an apache web server and you can add all other HTTP header fields.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum