CODEWITHSUNDEEP
linuxhttphttprequesttcpdump
user3120926
user3120926

Reputation: 211

Show tcp http request port 80 Linux

I using this command sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' but it show me every request several times. I also want to get from this command: time, referer and IP and show all of this in one line every request in this format: [21:51:22] www.Google.co.il/mail IP 1.1.1.1

Upvotes: 3

Views: 2634

Answers (3)

user656047
user656047

Reputation: 1

Or using justniffer

justniffer -i eth0

https://github.com/onotelli/justniffer

Upvotes: 0

jonschipp
jonschipp

Reputation: 841

Ngrep will show everything on one line including time, referrer, and host.

ngrep -d eth1 -q "GET " -W single 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'


T 2014/03/23 22:57:45.959936 192.168.1.71:56718 -> 67.67.5.144:80 [AP] GET /clients/wfie/staticMaps/113.gif HTTP/1.1..Host: weather.wdtinc.com..Connection: keep-alive..Cache-Control: max-age=0..Accept: image/webp,*/*;q=0.8..If-None-Match: W/"1f0683-19ef-4f54de24fa540"..If-Modified-Since: Sun, 23 Mar 2014 22:46:05 GMT..User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36..Referer: http://www.14news.com/..Accept-Encoding: gzip,deflate,sdch..Accept-Language: en-US,en;q=0.8....

Also, if you just want to filter on tcp port 80 than you can use:

'tcp port 80 && tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

and if you only want outgoing requests on port 80 add direction:

'tcp dst port 80 && tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

Upvotes: 0

Ankit Kumar
Ankit Kumar

Reputation: 1463

you can just run the following command for showing you tcp traffic to/from port 80

tcpdump 'tcp port 80' -i eth0

Upvotes: 2

Related Questions