Monitor outgoing web requests as they’re happening

httphttpsmonitoringnetworkingprivacy

I want to see a list of all outgoing HTTP requests from my desktop. I think it should be possible to monitor HTTPS hostnames as well for local clients using Server Name Indication (SNI).

OS X has a nice GUI utility called Little Snitch, which is a per-app HTTP monitor and firewall rule front-end.

I would settle for a nice terminal utility. tcpdump is overkill as I just want to see where the traffic is going in real-time and not the transmitted data. Ideally, I would like to see what process made the request as well, but just seeing what dials home would be a nice start.

Best Answer

You can use lsof and watch to do this, like so:

$ watch -n1 lsof -i TCP:80,443

Example output

dropbox    3280 saml   23u  IPv4 56015285      0t0  TCP greeneggs.qmetricstech.local:56003->snt-re3-6c.sjc.dropbox.com:http (ESTABLISHED)
thunderbi  3306 saml   60u  IPv4 56093767      0t0  TCP greeneggs.qmetricstech.local:34788->ord08s09-in-f20.1e100.net:https (ESTABLISHED)
mono       3322 saml   15u  IPv4 56012349      0t0  TCP greeneggs.qmetricstech.local:54018->204-62-14-135.static.6sync.net:https (ESTABLISHED)
chrome    11068 saml  175u  IPv4 56021419      0t0  TCP greeneggs.qmetricstech.local:42182->stackoverflow.com:http (ESTABLISHED)
Related Question