Created
January 30, 2014 17:04
-
-
Save ziluvatar/8713455 to your computer and use it in GitHub Desktop.
Linux command to sniff a port in console
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #sudo apt-get install tcpflow | |
| sudo tcpflow -i any -C -e port <port> |
- To monitor HTTP traffic including request and response headers and message body:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- To monitor HTTP traffic including request and response headers and message body from a particular source:
tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- To monitor HTTP traffic including request and response headers and message body from local host to local host:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo
- To only include HTTP requests, modify “tcp port 80” to “tcp dst port 80” in above commands
- Capture TCP packets from local host to local host
tcpdump -i lo
Source: https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I can use this as well: tcpdump -s 0 -A 'tcp and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'