bash 如何使用 tcpdump 捕获所有 HTTP 数据包
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9241391/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to capture all the HTTP packets using tcpdump
提问by Shiplu Mokaddim
I want to run tcpdumpwith some parameters (still don't know what to use), then load the stackoverflow.com page.
我想运行tcpdump一些参数(仍然不知道使用什么),然后加载stackoverflow.com页面。
Output should be the HTTP communication. Later, I want to use it as a shell script, so whenever I want to check the HTTP communication of a site site.com, I just can run script.sh site.com.
输出应该是 HTTP 通信。后来想把它当成一个shell脚本来用,所以每当我想查看一个站点site.com的HTTP通信时,只要运行script.sh site.com.
The HTTP communication should be simple enough. Like this:
HTTP 通信应该足够简单。像这样:
GET /questions/9241391/how-to-capture-all-the-http-communication-data-using-tcp-dump
Host: stackoverflow.com
...
...
HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Length: 35061
Content-Type: text/html; charset=utf-8
Expires: Sat, 11 Feb 2012 15:36:46 GMT
Last-Modified: Sat, 11 Feb 2012 15:35:46 GMT
Vary: *
Date: Sat, 11 Feb 2012 15:35:45 GMT
....
decoded deflated data
....
Now, which options should I use with tcpdumpto capture it?
现在,我应该使用哪些选项tcpdump来捕获它?
回答by Shiplu Mokaddim
It can be done by ngrep
它可以通过 ngrep
ngrep -q -d eth1 -W byline host stackoverflow.com and port 80
^ ^ ^ ^
| | | |
| | | |
| | | v
| | | filter expression
| | |
| | +--> -W is set the dump format ("normal", "byline", "single", "none")
| |
| +----------> -d is use specified device instead of the pcap default
|
+-------------> -q is be quiet ("don't print packet reception hash marks")
回答by souser
Based on what you have mentioned, ngrep (on Unix) and Fiddler (Windows) might be better/easier solutions.
根据您提到的内容,ngrep(在 Unix 上)和 Fiddler(Windows)可能是更好/更简单的解决方案。
If you absolutely want to use tcpdump, try out the following options
如果您绝对想使用 tcpdump,请尝试以下选项
tcpdump -A -vvv host destination_hostname -A (ascii) -vvv (verbose output)
回答by guohongjun
tcpdump -i eth0 -w dump3.pcap -v 'tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
