LinuxQuestions.org
Old 07-18-2006, 06:37 PM   #1
charlest
LQ Newbie
 
Registered: Jul 2006
Location: Sydney, Australia
Distribution: Red Hat 7.2, 8 and 9
Posts: 10

Viewing Internet requests and responses


In RedHat Linux 9, I've configured Firewall to High.

What command should I be using in order to view the Internet requests and responses on the machine?
 
Old 07-18-2006, 08:25 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

That's not dependent on your firewall settings (unless your firewall is configured to log requests on port 80, 443, 8080, etc.). If you have a web server running, you can use a text editor to look through the access and error logs for Apache.

You could use netstat to see the TCP connections, or iptstate to view the iptables connections table. Or, you can use a packet sniffer (ethereal, tcpdump) to monitor the traffic on the web ports as they happen. This will generate a lot of data though - what was it you needed to do?
 
Old 07-18-2006, 08:32 PM   #3
charlest
LQ Newbie
 
Registered: Jul 2006
Location: Sydney, Australia
Distribution: Red Hat 7.2, 8 and 9
Posts: 10

Original Poster
Quote:
Originally Posted by gilead
That's not dependent on your firewall settings (unless your firewall is configured to log requests on port 80, 443, 8080, etc.). If you have a web server running, you can use a text editor to look through the access and error logs for Apache.

You could use netstat to see the TCP connections, or iptstate to view the iptables connections table. Or, you can use a packet sniffer (ethereal, tcpdump) to monitor the traffic on the web ports as they happen. This will generate a lot of data though - what was it you needed to do?
Simply, I would like to be able to view the current web addresses requested from the machine.
 
Old 07-18-2006, 09:59 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

A typical line from an Apache log file looks like this:
Code:
10.225.49.21 - - [13/Jul/2006:11:29:13 +1000] "GET /bugzilla/editparams.cgi HTTP/1.1" 200 56338 "http://some.server.com/bugzilla/index.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
The fields are (see http://httpd.apache.org/docs/2.0/logs.html for more detail):
- IP address of the requestor;
- Identity returned by identd (not populated unless IdentityCheck is set to On);
- userid of the document requestor as determined by HTTP authentication;
- The time that the request was received;
- The request line from the client is given in double quotes;
- The status code that the server sent back to the client;
- The size of the object returned to the client, not including the response headers;
- The "Referer" (sic) HTTP request header;
- The User-Agent HTTP request header.

You can view this raw data with the tail command (alter it for your site):
Code:
 tail -f /var/log/httpd/access.log
Or you can use a log-file analyser (Google will return plenty of hits) such as awstats.
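
The nine fields listed in the post above can be split out of each access-log line with a short parser. This is an added example, not part of the original post; the function names are hypothetical, and only the first sample line comes from the thread (the other two are constructed).

```python
import re
from collections import Counter
from datetime import datetime

# One quoted field; Apache writes an embedded double quote as \" in the log.
QUOTED = r'"((?:[^"\\]|\\.)*)"'

# The nine fields of the combined format, in the order the post lists them.
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'$')

FIELDS = ("host", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

def parse_line(line):
    """Return a dict of the nine fields, or None if the line does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" = no body
    return rec

def summarize(lines):
    """Count requests per (client, status); collect lines that fail to parse."""
    counts, rejected = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            counts[(rec["host"], rec["status"])] += 1
    return counts, rejected

SAMPLE = [
    # First line is the one quoted in the post; the other two are constructed.
    '10.225.49.21 - - [13/Jul/2006:11:29:13 +1000] "GET /bugzilla/editparams.cgi HTTP/1.1" 200 56338 "http://some.server.com/bugzilla/index.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"',
    '10.225.49.22 - alice [13/Jul/2006:11:30:02 +1000] "GET /missing \\"x\\" HTTP/1.1" 404 - "-" "curl/7.15"',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines that do not match are returned separately rather than dropped, so truncated or malformed entries stay visible when reviewing a log.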
 
Old 07-18-2006, 11:57 PM   #5
charlest
LQ Newbie
 
Registered: Jul 2006
Location: Sydney, Australia
Distribution: Red Hat 7.2, 8 and 9
Posts: 10

Original Poster
Hi Steve

Sorry for the confusion, actually, I'm not running Apache web server.

However, I would like to find out the web addresses my machine is attempting to go to.


Charles
 
Old 07-19-2006, 01:30 AM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

No problem - I use ethereal from http://www.ethereal.com/ for packet sniffing. You could start it with a filter for ports 80, 443 (encrypted), 3128 (Squid proxy) and 8080 (Tomcat) for example and it will capture all of the packets going to/from those ports.

There are rpms available for ethereal, have you used it before?
 
Old 07-19-2006, 06:46 PM   #7
charlest
LQ Newbie
 
Registered: Jul 2006
Location: Sydney, Australia
Distribution: Red Hat 7.2, 8 and 9
Posts: 10

Original Poster
I've just run the rpm for "ethereal", the outputs are listed below. Would the listed version be enough for packet sniffing port 80?
/////////////////////////////
$ rpm -qa | grep ethereal
ethereal-0.10.3-0.90.1
/////////////////////////////
 
Old 07-19-2006, 07:11 PM   #8
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

It should be - I run it here with:
Code:
sudo ethereal
Once it's running go to the Capture menu and select Options. Select the network interface (probably eth0) and set a capture filter (e.g. port 80 or port 3128). I set the Update List of Packets in Real Time option as well as all three of the Name Resolution options. Click Start, open your web browser and start browsing.

Once you have packets captured and displayed on ethereal's main screen, right-click on a packet and select Follow TCP Stream. You should get an ASCII listing of the traffic.
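
The ASCII listing from Follow TCP Stream can be reduced to the list of web addresses the machine asked for, which is what the thread set out to find. This is an added example, not part of the original posts: the function name, the `server` fallback address and the sample stream are constructed, and it only works on unencrypted traffic (port 80, or a proxy on 3128), since port 443 streams are not readable as text.

```python
import re

# Start of an HTTP/1.x request: method, request target, protocol version.
REQUEST_LINE = re.compile(
    r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT) (\S+) HTTP/1\.[01]$")

def requested_urls(stream_text, server="unknown-host", port=80):
    """Return (method, url) for each request in a followed TCP stream.

    server/port describe the remote end of the stream and are used only
    when a request carries no Host header (plain HTTP/1.0).
    """
    found = []
    lines = stream_text.replace("\r\n", "\n").split("\n")
    i = 0
    while i < len(lines):
        m = REQUEST_LINE.match(lines[i])
        i += 1
        if not m:
            continue                      # response line, header or body
        method, target = m.groups()
        host = None
        while i < len(lines) and lines[i] != "":   # headers end at blank line
            name, _, value = lines[i].partition(":")
            if name.strip().lower() == "host":
                host = value.strip()
            i += 1
        if method == "CONNECT":           # proxy tunnel: target is host:port
            found.append((method, target))
        elif target.startswith(("http://", "https://")):
            found.append((method, target))         # proxy-style absolute URL
        else:
            if host is None:
                host = server if port == 80 else "%s:%d" % (server, port)
            found.append((method, "http://" + host + target))
    return found

# Constructed stream text, shaped like the Follow TCP Stream listing.
SAMPLE_STREAM = (
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Length: 14\r\n\r\n<html></html>\n"
    "GET /images/logo.png HTTP/1.1\r\nhost: www.example.com\r\n\r\n"
    "GET http://www.example.org/news HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
    "GET /old HTTP/1.0\r\n\r\n"
)

if __name__ == "__main__":
    for method, url in requested_urls(SAMPLE_STREAM, server="192.0.2.10"):
        print(method, url)
```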
 
  

