
Monitor HTTP Packets (packet sniffing)

How do I monitor and analyze data transferred via HTTP (apache or lighttpd or nginx webserver) for debugging and security purposes?

You can use the good old tcpdump program to monitor port 80 (HTTP) traffic and packets. This can be done at the console or over a remote ssh session. If possible, eliminate access to the web server from anything other than a test client. Make sure you use port 80 (not port 443 / https), i.e. the connection must be unencrypted so that the data can be analyzed. Also, note that usernames and passwords are logged in plain text.

Log in as root and type the following command at the console:
# tcpdump -n -i {INTERFACE} -s 0 -w {OUTPUT.FILE.NAME} src or dst port 80
# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

Feel free to modify the interface eth1 and the file name output.txt according to your setup. Now start a web browser and generate traffic. To stop tcpdump, press CTRL+C. To examine the finished file output.txt, use any text editor. I strongly suggest you import the file (output.txt) into the ethereal program (update: ethereal has been renamed wireshark), where right-clicking a packet and choosing “Follow TCP Stream” displays the TCP packets in a reader-friendly form.

Fig.01 - Wireshark in action: Displaying output.txt tcpdump file

See the Wireshark documentation for further details.
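
Because the capture file holds usernames and passwords in plain text, it is worth knowing which requests expose them before the file is shared or archived. The following Python script is an added example, not part of the original tutorial: it reads a capture in the classic pcap format (assumed here to be what tcpdump -w wrote, with Ethernet framing) and lists each HTTP request to port 80 with the names, never the values, of credential-bearing headers. The function names and the two-packet sample capture are constructed for illustration.

```python
import struct

SENSITIVE = ("authorization", "proxy-authorization", "cookie")  # headers that carry secrets
METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def audit_capture(pcap: bytes):
    """Return [(src_ip, request_line, [sensitive header names])] for requests to port 80.
    Classic pcap only (not pcapng); inspects segments that begin with a request line."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    findings, off = [], 24                      # 24-byte global header
    while off + 16 <= len(pcap):                # 16-byte per-packet record header
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4       # skip Ethernet + IP header
        if len(frame) < tcp + 20:
            continue
        dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        if dport != 80 or not payload.startswith(METHODS):
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        names = [h.split(":", 1)[0].strip().lower() for h in head[1:]]
        src = ".".join(str(b) for b in frame[26:30])
        findings.append((src, head[0], [n for n in names if n in SENSITIVE]))
    return findings

def sample_pcap() -> bytes:
    """Constructed two-packet capture (documentation addresses, made-up credentials)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for body in (b"GET /admin HTTP/1.1\r\nHost: test.example\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n",
                 b"GET /index.html HTTP/1.1\r\nHost: test.example\r\n\r\n"):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + body
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for src, line, exposed in audit_capture(sample_pcap()):
        print(src, line, "EXPOSES: " + ", ".join(exposed) if exposed else "")
```

To check a real capture, pass the bytes of the file written by tcpdump, for example audit_capture(open("output.txt", "rb").read()).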


2 comments
  • Technoexplore June 14, 2010, 10:16 am

    Wonderful article. Subscribed to your site. Looking forward to some good articles on operating systems.

  • Gustavo Machado July 23, 2012, 8:12 pm

    Pretty cool article, tried it and it’s super easy and looking very good. Coming from a Windows background, I knew that Linux HAD to have good tooling for networking, and these two really excel!

