Andrey Fedorov

Reputation: 9669

Tool to monitor/record TCP streams

I'm trying to analyze JSON-RPC traffic from an application to understand an undocumented protocol. So far, I've been using Wireshark's "follow TCP stream" feature, but there's a lot of clicking involved.

Could I use tcpdump or tshark to accomplish something similar?

I simply need all of the TCP stream data going from/to a specific host dumped to stdout.

Upvotes: 0

Views: 1441

Answers (2)

mavam

Reputation: 12552

What you are looking for is Bro's contents script to record the payload of a TCP stream. Just invoke Bro as follows:

bro -r trace.pcap contents

which will create files in the form of

contents.<sourceIP>.<sourcePORT>-<destinationIP>.<destinationPORT>

per flow. What you get with Bro is a thoroughly tested TCP reassembler, which makes it the ideal tool for payload inspection and higher-level protocol analysis.

Upvotes: 1

Andrey Fedorov

Reputation: 9669

The tool that let me do what I was looking for was "ngrep", I did:

sudo ngrep -Wbyline '' dst host <ip-address> or src host <ip-address>

Upvotes: 0
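Added example (editor's code, not part of either answer, and not Bro's contents script or ngrep): a dependency-free Python script that does what the two answers above do together. Like Bro's contents script it reassembles each TCP direction into one payload blob named contents-style as src.sport-dst.dport, putting segments back in sequence order, dropping retransmitted bytes and zero-filling a lost segment so later offsets stay right; like the ngrep filter it then dumps only the flows touching one host to stdout. The capture it runs on is constructed inline: the hosts 10.0.0.5/10.0.0.7/10.0.0.9, port 8545 and the JSON-RPC "ping" exchange are made up for the demo, and the request is deliberately delivered split, out of order and with a duplicate segment.

```python
"""Per-flow TCP payload dump from a pcap, in the spirit of Bro's contents script.
Ethernet + IPv4 only; checksums are not verified. Example code for this page."""
import socket
import struct
import sys

PCAP_MAGIC, SYN, SYN_ACK, PSH_ACK = 0xA1B2C3D4, 0x02, 0x12, 0x18


def parse_pcap(data):
    """Yield the raw frames of a classic pcap file (either byte order)."""
    end = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(end + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[pos:pos + 16])[2]
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len


def reassemble(pcap_bytes):
    """Return {"src.sport-dst.dport": payload} for every TCP direction seen."""
    base = {}      # flow -> sequence number of the first payload byte
    segments = {}  # flow -> {offset relative to base: payload}
    for frame in parse_pcap(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]  # total_len drops any Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:
            continue  # not TCP
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        flags, payload = tcp[13], tcp[(tcp[12] >> 4) * 4:]
        key = "%s.%d-%s.%d" % (src, sport, dst, dport)
        if key not in base:
            # SYN consumes one sequence number; without a SYN (mid-stream capture)
            # the first segment seen is treated as the start of the stream
            base[key] = (seq + 1) if flags & SYN else seq
        if payload:
            segments.setdefault(key, {})[(seq - base[key]) & 0xFFFFFFFF] = payload
    streams = {}
    for key, segs in segments.items():
        out, expected = bytearray(), 0
        for off in sorted(segs):  # sequence order, not capture order
            if off > expected:
                out += b"\x00" * (off - expected)  # lost segment: keep offsets
                expected = off
            data = segs[off][expected - off:]  # drop retransmitted bytes
            out += data
            expected += len(data)
        streams[key] = bytes(out)
    return streams


def streams_for_host(streams, host):
    """Flows in which `host` is source or destination, sorted by key."""
    return {k: v for k, v in sorted(streams.items())
            if k.startswith(host + ".") or ("-" + host + ".") in k}


def tcp_frame(src, sport, dst, dport, seq, flags, payload=b""):
    """Ethernet/IPv4/TCP frame for the constructed capture (zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip


def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000, i, len(f), len(f)) + f
    return out


# Constructed capture: client 10.0.0.5 talks JSON-RPC to 10.0.0.9:8545; the
# request arrives split, out of order and with one retransmitted segment.
C, S = "10.0.0.5", "10.0.0.9"
REQ1, REQ2 = b'{"jsonrpc":"2.0","id":1,', b'"method":"ping","params":[]}\n'
RESP = b'{"jsonrpc":"2.0","id":1,"result":"pong"}\n'
SAMPLE_PCAP = build_pcap([
    tcp_frame(C, 51000, S, 8545, 1000, SYN),
    tcp_frame(S, 8545, C, 51000, 5000, SYN_ACK),
    tcp_frame(C, 51000, S, 8545, 1001 + len(REQ1), PSH_ACK, REQ2),  # 2nd half first
    tcp_frame(C, 51000, S, 8545, 1001, PSH_ACK, REQ1),
    tcp_frame(C, 51000, S, 8545, 1001, PSH_ACK, REQ1),  # retransmission
    tcp_frame(S, 8545, C, 51000, 5001, PSH_ACK, RESP),
    tcp_frame("10.0.0.7", 40000, S, 8545, 7001, PSH_ACK, b"other client\n"),
])

if __name__ == "__main__":
    # usage: follow_tcp.py trace.pcap <host>   (no arguments: constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) == 3 else SAMPLE_PCAP
    host = sys.argv[2] if len(sys.argv) == 3 else S
    for key, payload in streams_for_host(reassemble(data), host).items():
        print("==== %s (%d bytes) ====" % (key, len(payload)))
        sys.stdout.write(payload.decode("utf-8", "replace"))
```

Run it on a real capture with `python follow_tcp.py trace.pcap 10.0.0.9`; each direction of each flow prints under its own header, with the request already stitched back together despite the reordering and the duplicate. The two caveats a real reassembler handles and this one does not: sequence-number wraparound inside one stream (only the base is masked), and live capture, for which the ngrep command above or Bro/Zeek reading from an interface remains the right tool. For the tshark route the question asked about, `tshark -r trace.pcap -q -z follow,tcp,ascii,N` prints stream N in the same form as Wireshark's "Follow TCP Stream" dialog.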
