How can i sniff/dump HTTP protocol as ASCII for a port with tcpdump or altenative?
ngrep is very useful for this. Something as simple as
ngrep -W byline port 80
would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:
ngrep -W byline some_string port 80
If you wanted to use tcpdump a command like this tcpdump -s 0 -A -qn filters
should give you what you want. The -s 0
sets the packet size and -A
dumps ascii. Instead of -A
you might also like -X
which will provide you the output in a hexdump style format.
You could also use wireshark, and once you are done capturing just right-click on one of the packets and select the 'Follow TCP Stream'.
I've done quite a lot of this with wireshark. Sniff the traffic I want with tcpdump, ship it to somewhere I can launch Wireshark, and then view the trace with Wireshark. Tracing the TCP session gives me the request and answer in a nice ASCII form. Works great.