Grabbing HTTP Headers via a Linux Bridge
Hi,
I was wondering if there was any way to capture all the HTTP headers passing through a Linux bridge. I know how easy it is to perform something like full capture, but I'm only interested in HTTP traffic. Furthermore, I don't want all the traffic. I just want to keep track of HTTP sites visited, etc. Preferably, I'd like to then store it in a database (for future analysis). I'd prefer to not run a proxy on this machine (no squid). Finally, if the machine fails for any reason, is there a way to get it to fail open without using a network tap? Thanks for your help.
I'm not aware of any fail-open dual NICs, and you'd certainly need a dual NIC card to get anywhere near that.
Just playing about, I've got this...
Code:
tshark -i bond0 port 80 -V -R 'http.host' | awk '{if (/Source:.+\./) source=$0; if (/Destination:.+\./) dest=$0; if (/Host:/) print source dest $0}'
Code:
Source: 10.224.36.30 (10.224.36.30) Destination: 221.206.29.201 (221.206.29.201) Host: news.bbc.co.uk\r\n
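Added example, not part of the original posts: one way to get the lines printed by the tshark/awk pipeline above into a database, as the question asks. The SQLite file name, the table name `http_hosts`, the function names and the sample lines are assumptions made for this sketch. The Host header is chosen by the client, so it is validated and only ever passed to SQL as a bound parameter.

```python
import re
import sqlite3
import sys

# One line from the awk filter looks like:
#   Source: <ip> (<ip>) Destination: <ip> (<ip>) Host: <name>\r\n
# tshark -V prints the header's line ending as the literal characters \r\n.
LINE_RE = re.compile(
    r"Source:\s*(?P<src>\S+).*?Destination:\s*(?P<dst>\S+).*?Host:\s*(?P<host>\S+)")
HOST_OK = re.compile(r"[a-z0-9._\-\[\]:]{1,253}")  # hostname, IPv4 or [IPv6]

# Constructed sample input (documentation addresses, not real captures).
SAMPLE = [
    r"Source: 10.0.0.5 (10.0.0.5) Destination: 192.0.2.10 (192.0.2.10) Host: example.org\r\n",
    r"Source: 10.0.0.6 (10.0.0.6) Destination: 192.0.2.10 (192.0.2.10) Host: Example.org:8080\r\n",
    r"Source: 10.0.0.5 (10.0.0.5) Destination: 198.51.100.7 (198.51.100.7) Host: intranet.example\r\n",
    r"Source: 10.0.0.9 (10.0.0.9) Destination: 192.0.2.10 (192.0.2.10) Host: bad'host;--\r\n",
    "unrelated tshark output",
]

def parse_line(line):
    """Return (src, dst, host), or None for unmatched or malformed lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    host = m.group("host").replace("\\r\\n", "").lower()
    host = re.sub(r":\d+$", "", host).rstrip(".")  # drop port and trailing dot
    if not HOST_OK.fullmatch(host):
        return None  # client-supplied value with unexpected characters
    return m.group("src"), m.group("dst"), host

def store(conn, lines):
    """Insert every parsable line; commit per row so a live stream is durable."""
    conn.execute("CREATE TABLE IF NOT EXISTS http_hosts ("
                 "seen TEXT DEFAULT CURRENT_TIMESTAMP, src TEXT, dst TEXT, host TEXT)")
    count = 0
    for row in filter(None, map(parse_line, lines)):
        conn.execute("INSERT INTO http_hosts (src, dst, host) VALUES (?, ?, ?)", row)
        conn.commit()
        count += 1
    return count

def top_hosts(conn, limit=10):
    """Most requested hosts, for later analysis."""
    return conn.execute("SELECT host, COUNT(*) FROM http_hosts GROUP BY host "
                        "ORDER BY COUNT(*) DESC, host LIMIT ?", (limit,)).fetchall()

if __name__ == "__main__":
    # Reads the pipeline's output on stdin; the database file name is an assumption.
    store(sqlite3.connect("http_hosts.db"), sys.stdin)
```

Piping the tshark/awk command into this script logs each request as it is seen; lines that do not parse are skipped rather than stored.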