How to see dumps of wholе HTTP packets

httpmonitoringnetworking

I need to see whole HTTP packets sent and recieved by an application for debugging purposes. How can this be done in command-line?

Best Answer

Use tcpdump.

tcpdump -w httpdebug.pcap -i eth0 port 80 will sniff all packets heading to or from port 80 on the eth0 interface and output them to httpdebug.pcap, which you can then read at your leisure, either with tcpdump again (with multiple -x options, refer to the tcpdump manpage ) in console if you're feeling masochistic, or with wireshark.

I really can't recommend the latter highly enough, as it will let you sort out packets and follow the exact stream you want to see.

Related Solutions

On-the-fly monitoring HTTP requests on a network interface

Try tcpflow:

tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'

Output is like this:

GET /search?q=stack+exchange&btnI=I%27m+Feeling+Lucky HTTP/1.1
Host: www.google.com

You can obviously add additional HTTP methods to the grep statement, and use sed to combine the two lines into a full URL.

Generic HTTP server that just dumps POST requests

Simple core command line tools like nc, socat seem not to be able to handle the specific HTTP stuff going on (chunks, transfer encodings, etc.). As a result this may produce unexpected behaviour compared to talking to a real web server. So, my first thought is to share the quickest way I know of setting up a tiny web server and making it just do what you want: dump all output.

The shortest I could come up with using Python Tornado:

#!/usr/bin/env python

import tornado.ioloop
import tornado.web
import pprint

class MyDumpHandler(tornado.web.RequestHandler):
    def post(self):
        pprint.pprint(self.request)
        pprint.pprint(self.request.body)

if __name__ == "__main__":
    tornado.web.Application([(r"/.*", MyDumpHandler),]).listen(8080)
    tornado.ioloop.IOLoop.instance().start()

Replace the pprint line to output only the specific fields you need, for example self.request.body or self.request.headers. In the example above it listens on port 8080, on all interfaces.

Alternatives to this are plenty. web.py, Bottle, etc.

^{(I'm quite Python oriented, sorry)}

If you don't like its way of outputting, just run it anyway and try tcpdump like this:

tcpdump -i lo 'tcp[32:4] = 0x484f535420'

to see a real raw dump of all HTTP-POST requests. Alternatively, just run Wireshark.

Best Answer

Related Solutions

On-the-fly monitoring HTTP requests on a network interface

Generic HTTP server that just dumps POST requests

Related Question