Reputation: 35772
We're trying to debug an issue with a server that must receive and respond to a large number of persistent HTTP connections.
Ideally we'd like a tool that could pick (at random) a single HTTP connection and log all traffic to and from it, such that we can see what is going on.
Unfortunately we don't have the ability to limit the number of persistent connections we must respond to (typically it is thousands of them), so we really need the tool to narrow down its monitoring to just a single connection.
Can anyone recommend such a tool, and give guidance on how to persuade it to do what we need?
Upvotes: 0
Views: 315
Reputation: 26515
The actual capturing of packets is usually done by libpcap.
There are different tools building on top of it:
First there is good old tcpdump. It is a text tool, which allows you to specify what packets you are interested in and prints (by default) a line for each matching packet. Actually you have lots of options for what should be done. You can also dump all traffic to a capture file.
Then there is wireshark (formerly known as ethereal). This is a GUI allowing you to capture packets as in tcpdump, and has lots of ways to analyze such data. It can also read and analyze capture files created by tcpdump.
Along with wireshark comes tshark (formerly known as tethereal), which is pretty much the console version of wireshark.
If you are only interested in the data sent in the packets, have a look at tcpflow.
There are also some more advanced tools which can also be used to attack other hosts.
For example ettercap will list all current connections and, among other things, can show you the data sent on that connection.
It is not completely clear from your question what exactly you are trying to find out, but it sounds like something like tcpflow might be what you want.
Upvotes: 0
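All of the libpcap-based tools above (tcpdump, tshark, tcpflow) accept a BPF capture filter, so the practical way to watch exactly one of thousands of persistent connections is to pick one established 4-tuple from the server's socket table and turn it into a filter that matches both directions of that connection only. The script below is an added example, not code from the answer; it assumes the server listens on TCP port 8080 (constructed), uses a constructed sample of `ss -Htn` output instead of querying the live socket table, and only builds the filter and the tcpdump command line rather than running a capture.

```shell
#!/bin/sh
# Added example: isolate a single HTTP connection out of many for capture.
# Assumptions (not from the original answer): the server listens on port 8080,
# and connections are listed in the "ss -Htn" column layout
#   State Recv-Q Send-Q Local:Port Peer:Port
SERVER_PORT=8080

# Constructed sample of `ss -Htn state established "( sport = :8080 )"` output.
# Real usage: SAMPLE_SS=$(ss -Htn state established "( sport = :$SERVER_PORT )")
SAMPLE_SS='ESTAB 0 0 10.0.0.5:8080 192.0.2.10:51234
ESTAB 0 0 10.0.0.5:8080 192.0.2.11:40001
ESTAB 0 0 [2001:db8::5]:8080 [2001:db8::99]:60123'

# pick_connection LINES [INDEX]
# Prints "local_ip local_port peer_ip peer_port" for one line of ss output.
# INDEX is 1-based; when omitted a line is chosen at random from /dev/urandom.
pick_connection() {
  lines=$1
  count=$(printf '%s\n' "$lines" | grep -c .)
  [ "$count" -gt 0 ] || return 1
  if [ -n "$2" ]; then
    idx=$2
  else
    rnd=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    idx=$(( rnd % count + 1 ))
  fi
  printf '%s\n' "$lines" | sed -n "${idx}p" | awk '
    # Split "addr:port" on the LAST colon so bracketed IPv6 literals survive,
    # then strip the brackets, which BPF syntax does not use.
    function addrport(s,   n, parts, port, ip) {
      n = split(s, parts, ":"); port = parts[n]
      ip = substr(s, 1, length(s) - length(port) - 1)
      gsub(/[][]/, "", ip)
      return ip " " port
    }
    { print addrport($4), addrport($5) }'
}

# bpf_filter LOCAL_IP LOCAL_PORT PEER_IP PEER_PORT
# Builds a capture filter matching exactly this 4-tuple in both directions;
# "host A and port X and host B and port Y" would be looser (it also matches A:Y<->B:X).
bpf_filter() {
  printf '(src host %s and src port %s and dst host %s and dst port %s) or (src host %s and src port %s and dst host %s and dst port %s)' \
    "$1" "$2" "$3" "$4" "$3" "$4" "$1" "$2"
}

# tcpdump_cmd LOCAL_IP LOCAL_PORT PEER_IP PEER_PORT
# The command line to run (needs CAP_NET_RAW / root): -n avoids DNS lookups,
# -A prints each packet's payload as ASCII, which is what you want for HTTP.
tcpdump_cmd() {
  printf "tcpdump -ni %s -A '%s'" "${IFACE:-any}" "$(bpf_filter "$@")"
}

# Stand-alone demo: pick a random connection from the constructed sample and show the command.
tuple=$(pick_connection "$SAMPLE_SS")
set -- $tuple
echo "Selected connection: $1:$2 <-> $3:$4"
tcpdump_cmd "$@"; echo
```

The same filter string works unchanged as the `-f` capture filter of tshark (add `-Y http` to show only the decoded HTTP messages) and as the trailing expression for tcpflow, which reassembles each direction of the TCP stream so the request and response bodies read as plain text rather than packet by packet.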
Reputation: 16305
If using wireshark directly doesn't work out, you could fiddle with the routing on a firewall/router type box and have the monitored connection go out over a different interface (where you can tap into it using wireshark or whatever) than all the rest of the connections to the server.
Upvotes: 0