On-the-fly monitoring HTTP requests on a network interface

http-loggingmonitoringnetworking

For debugging purposes I want to monitor the http requests on a network interface.

Using a naive tcpdump command line I get too much low-level information and the information I need is not very clearly represented.

Dumping the traffic via tcpdump to a file and then using wireshark has the disadvantage that it is not on-the-fly.

I imagine a tool usage like this:

$ monitorhttp -ieth0 --only-get --just-urls
2011-01-23 20:00:01 GET http://foo.example.org/blah.js
2011-01-23 20:03:01 GET http://foo.example.org/bar.html
...

I am using Linux.

Best Answer

Try tcpflow:

tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'

Output is like this:

GET /search?q=stack+exchange&btnI=I%27m+Feeling+Lucky HTTP/1.1
Host: www.google.com

You can obviously add additional HTTP methods to the grep statement, and use sed to combine the two lines into a full URL.

Related Solutions

networking,software-rec,monitoring,bandwidth – Best Network Monitoring Tools

Have a look at ntop.org.

Monitor mode wifi only seeing broadcast packets

Look at your post, especially the message

(monitor mode enabled on mon0)

So... capture on mon0, NOT wlan0!

ie:

airmon-ng start wlan0
airodump-ng mon0

.. you'll notice no channel-hopping. You'll need a workaround to get it grabbing the full spectrum! Sooo...

airodump-ng mon0

airmon-ng stop wlan0      # gets channel hopping going (but obviously stops wlan0)

airodump-ng mon0

Best Answer

Related Solutions

networking,software-rec,monitoring,bandwidth – Best Network Monitoring Tools

Monitor mode wifi only seeing broadcast packets

Related Question