Old 08-15-2005, 05:14 PM   #1
SharkBait
TCPdump


Hi,

I've looked over the MAN pages for TCPdump and I am still unclear on how to look through traffic based on port.

I want to look at HTTP traffic (in and out) on eth0. But be able to read the headers.

I've seen it before when I could see the URL etc of the packet to see what people were trying to view.

How is this done with TCPdump?

Thank you
 
Old 08-15-2005, 05:27 PM   #2
bushidozen
Hopefully, this will help:
Quote:
I just recently started using tcpdump to look at http traffic.
When I fire it up I usually do something like:

prompt> sudo tcpdump -s 3000 -w dumpfile.txt host somehost and port 1234
prompt> hexdump -c dumpfile.txt | less

This tells tcpdump to capture all of most ethernet packets (mtu
for ethernet is usually around 1500, so you should get all of each packet
with size 3000) and to dump the output to dumpfile.txt. It specifies that
you only care about traffic destined for the host named somehost and for
port number 1234. So to watch web traffic for host foo try:

prompt> sudo tcpdump -s 3000 -w dumpfile.txt host foo and port 80

Then use hexdump to dump that crazy tcpdump output into human
readable ascii (or learn to read hex ;-). I am new at this too, so I hope
this helps.
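
An added example, not part of either post above: a short Python reader for the capture file that `tcpdump -w` writes, listing each HTTP request line and Host header instead of paging through hexdump output. It goes beyond the commands in the thread; the function names and the one-packet sample capture are constructed for illustration, and it assumes a classic pcap file with Ethernet framing, IPv4, and requests that begin at the start of a TCP segment.

```python
import struct

METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

def dotted(addr):
    return ".".join(str(octet) for octet in addr)

def http_requests(pcap, port=80):
    """Return [(src_ip, dst_ip, request_line, host)] from the bytes of a pcap file."""
    # The magic number tells us the byte order of the machine that wrote the file.
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet framing (linktype 1)")
    found, off = [], 24                              # records follow a 24-byte file header
    while off + 16 <= len(pcap):
        incl = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]  # bytes saved (<= -s value)
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # keep IPv4 carrying TCP only
        ihl = (frame[14] & 0x0F) * 4                 # IP header length in bytes
        total = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total]             # slicing drops Ethernet padding
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != port:
            continue                                 # only segments sent to the server port
        payload = tcp[(tcp[12] >> 4) * 4:]           # skip TCP header and options
        line, _, rest = payload.partition(b"\r\n")
        if line.split(b" ")[0] not in METHODS:
            continue                                 # not the start of a request
        host = ""
        for hdr in rest.split(b"\r\n\r\n")[0].split(b"\r\n"):
            name, _, value = hdr.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip().decode("latin-1")
        found.append((dotted(frame[26:30]), dotted(frame[30:34]),
                      line.decode("latin-1"), host))
    return found

def sample_pcap():
    """Constructed one-packet capture: 192.0.2.10 -> 192.0.2.80:80, GET /index.html."""
    http = b"GET /index.html HTTP/1.1\r\nHost: foo\r\nUser-Agent: test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 3000, 1)
    return file_hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(http_requests(sample_pcap()))
```

On a real capture, pass the file contents instead of the sample, for example `http_requests(open("dumpfile.txt", "rb").read())`.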
 
  

