Use tcpdump to sniff HTTP requests

Sometimes you want to check whether a piece of software issues proper HTTP requests to the server. You have three options here:

  1. checking the client logs and assuming all HTTP requests are reported
  2. checking the server logs to see what has been issued
  3. using tcpdump for traffic monitoring

I'll show you the 3rd method – it's useful if you have access to neither the server logs nor the client logs.

$ sudo tcpdump -s 1024 -l -A -i eth0 dst SERVER_IP | grep HTTP
..Hp.c..GET /url/path?param1=value1&OpCode=add&ChannelID=101434 HTTP/1.1
.....c.*GET /url/path?param2=value2&OpCode=add&ChannelID=101434 HTTP/1.1

where SERVER_IP is the server IP address.

Pretty simple, and a more elegant solution than using full Wireshark (and you can use it with only console access).
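
The output above still carries header bytes that -A renders in front of each request line. As an added example (not part of the original post), the shell functions below strip that prefix and summarize requests per method and path; the function names and the sample capture are constructed for illustration, and SERVER_IP is a placeholder.

```shell
#!/bin/sh
# Added example: post-process `tcpdump -l -A` text into clean HTTP request lines.

# Read tcpdump -A output on stdin and print one "METHOD URI VERSION" per request.
# -o keeps only the matched text, so the bytes rendered before the method
# ("..Hp.c..") and the trailing CR are dropped; -a treats binary input as text.
http_request_lines() {
    grep -aoE '(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) [^ ]+ HTTP/[0-9]\.[0-9]'
}

# Count requests per method and path, ignoring the query string,
# most frequent first.
http_request_summary() {
    http_request_lines |
        awk '{ split($2, p, "[?]"); n[$1 " " p[1]]++ }
             END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2
}

# Constructed sample: the two request lines shown in the post, plus a header
# line, a POST and a status line that a plain `grep HTTP` would also print.
sample_capture() {
    cat <<'EOF'
..Hp.c..GET /url/path?param1=value1&OpCode=add&ChannelID=101434 HTTP/1.1
Host: example.test
.....c.*GET /url/path?param2=value2&OpCode=add&ChannelID=101434 HTTP/1.1
....E..POST /url/submit HTTP/1.1
HTTP/1.1 200 OK
EOF
}

# Stand-alone run on the constructed sample.
# Against live traffic the same filter would sit at the end of the pipeline:
#   sudo tcpdump -s 1024 -l -A -i eth0 dst SERVER_IP | http_request_lines
sample_capture | http_request_summary
```

This only sees cleartext HTTP, and a request line longer than the 1024-byte snap length is truncated and will not match.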
