How can i sniff/dump HTTP protocol as ASCII for a port with tcpdump or altenative?

monitoring http tcpdump packet-sniffer

ngrep is very useful for this. Something as simple as

ngrep -W byline port 80

would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:

ngrep -W byline some_string port 80

If you wanted to use tcpdump a command like this tcpdump -s 0 -A -qn filters should give you what you want. The -s 0 sets the packet size and -A dumps ascii. Instead of -A you might also like -X which will provide you the output in a hexdump style format.

You could also use wireshark, and once you are done capturing just right-click on one of the packets and select the 'Follow TCP Stream'.


I've done quite a lot of this with wireshark. Sniff the traffic I want with tcpdump, ship it to somewhere I can launch Wireshark, and then view the trace with Wireshark. Tracing the TCP session gives me the request and answer in a nice ASCII form. Works great.

Related

use SED recursively in linux?
CNAME record for Amazon S3 -- any drawbacks?
Is LDAP the only way to authenticate an web application against Active Directory?
EC2 login as EC2 user other than root
Different ways to shut down a system
Exchange 2010 sends out spam
Coding exercise for Linux Systems Admin?
Are Windows file permissions bound to the file, or the file system location?
Config deployment on multiple servers
Stop rsync from sending confirmation e-mails
Compute the square root of a complex number
I am not sure how to calculate this norm?