How can I sniff/dump HTTP protocol as ASCII for a port with tcpdump or alternative?

ngrep is very useful for this. Something as simple as

ngrep -W byline port 80

would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:

ngrep -W byline some_string port 80

If you wanted to use tcpdump, a command like this:

tcpdump -s 0 -A -qn filters

should give you what you want. The -s 0 sets the packet size and -A dumps ASCII. Instead of -A you might also like -X, which will provide you the output in a hexdump-style format.

You could also use Wireshark, and once you are done capturing just right-click on one of the packets and select 'Follow TCP Stream'.


I've done quite a lot of this with Wireshark. Sniff the traffic I want with tcpdump, ship it to somewhere I can launch Wireshark, and then view the trace with Wireshark. Tracing the TCP session gives me the request and answer in a nice ASCII form. Works great.
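
For the capture-then-inspect workflow in the answers above, here is an added example (not part of any answer) that reads a saved capture offline and prints each HTTP segment as ASCII, packet by packet, without the stream reassembly that Wireshark performs. It assumes a classic libpcap file with Ethernet/IPv4 framing; the function names and the inline sample capture are constructed for illustration.

```python
import struct

def ascii_dump(data: bytes) -> str:
    """Printable ASCII, tab and newline kept; every other byte shown as '.'."""
    data = data.replace(b"\r\n", b"\n")
    return "".join(chr(b) if 32 <= b < 127 or b in (9, 10) else "." for b in data)

def http_payloads(pcap: bytes, port: int = 80):
    """Yield (src, dst, payload) per TCP segment to/from `port` in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # trim Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:  # not TCP, or TCP header cut off
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header and options
        if payload and port in (sport, dport):
            addr = lambda raw, p: ".".join(map(str, raw)) + f":{p}"
            yield addr(ip[12:16], sport), addr(ip[16:20], dport), payload

# Constructed sample capture (checksums left at zero, documentation addresses).
def _frame(src, dst, sport, dport, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE = _pcap([
    _frame((192, 0, 2, 10), (192, 0, 2, 80), 40000, 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    _frame((192, 0, 2, 80), (192, 0, 2, 10), 80, 40000, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n\x00\xff"),
    _frame((192, 0, 2, 10), (192, 0, 2, 53), 40001, 8080, b"not on port 80"),
])

if __name__ == "__main__":
    for src, dst, payload in http_payloads(SAMPLE):
        print(f"--- {src} > {dst}\n{ascii_dump(payload)}")
```

Captures saved as pcapng are rejected by the magic-number check and need converting to classic pcap first.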