Using Tcpdump to view HTTP request responses

https://www.jianshu.com/p/3cca9a74927c

tcpdump Installation

On the Ubuntu/debian system, perform the following command to install the Tcpdump tool:

sudo apt-get install tcpdump

On the CentOS system, perform the following command to install the Tcpdump tool:

sudo yum install tcpdump

After installing tcpdump, you can use the Man command to view the tcpdump document. If you want to take a look directly at some of the tcpdump examples, execute:

Mans Tcpdump | Less-ip examples

tcpdump View HTTP traffic View HTTP GET requests

sudo tcpdump-s 0-a ' TCP DST Port and tcp[((tcp[12:1) & 0xf0) >> 2): 4] = 0x47455420 '

viewing HTTP POST requests

sudo tcpdump-s 0-a ' TCP DST Port and tcp[((tcp[12:1) & 0xf0) >> 2:4] = 0x504f5354) '

View HTTP request response headers and data

sudo tcpdump-a-s 0 ' TCP port and (((Ip[2:2)-((IP[0]&0XF) <<2))-((tcp[12]&0xf0) >>2))!= 0) ' 
  
   sudo Tcpdump-x-S 0 ' TCP port and (((Ip[2:2)-((IP[0]&0XF) <<2))-((tcp[12]&0xf0) >>2))!= 0) '

  

Post Language

To understand the bit operations in the Tcpdump filter above, you need to understand the construction of TCP packets. A sample analysis is given in the following references.

The author has had this experience, took over a legacy software project, found that each API interface parameters are not documented, and the code in the annotation is outdated. When you take over this project, you need to understand the logic of the Code, and it helps to understand what the API request parameters are like in the actual running of the line. The author tried to modify the Nginx configuration file to record HTTP POST request information, but did not find a simple and effective scheme. Using the above tcpdump command to capture HTTP POST requests is straightforward. reference materials Can I use tcpdump to get HTTP requests, response headers and response body? Use TCPDUMP to Monitor HTTP traffic string-matching Capture Filter Generator