gaurav_s 05-28-2015 12:30 AM

Capture packets and tomcat server header information
 
I am using tcpdump command to retrieve tomcat server header information.
I am executing wget command from remote node.
node1:-

wget -S http://XXX.XXX.XXX.XXX:8093

node2:-

tcpdump -f "tcp src port 8093" -s0 -w /tmp/tomcat11.pcap


node2 is running tomcat server on port 8093

I am opening tomcat11.pcap in Wireshark but I am not able to find the server information, i.e. Apache Tomcat X.X.

nini09 05-28-2015 02:40 PM

It might be in HTTP header.

gaurav_s 05-28-2015 11:57 PM

There are no HTTP headers present in Wireshark. I am using http.response as filter.

mralk3 05-29-2015 12:08 AM

I googled it with search terms "tcpdump for tomcat" and found:

http://blog.2partsmagic.com/2011/01/...-http-headers/

Google is your friend!

gaurav_s 05-29-2015 01:29 AM

Now I am able to get the GET request, but I want to see POST.

nini09 05-29-2015 02:55 PM

Just capture port 8093 instead of src port 8093. You should see packets in both directions.
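
The difference between the two capture filters, shown as an added example (not code posted by anyone in this thread): a minimal classic-pcap reader that lists HTTP request lines sent to port 8093 and `Server` headers sent from it. The sample capture, its addresses, the `/app` path and the header values are constructed; the reader assumes Ethernet framing, IPv4, and one HTTP message head per TCP segment.

```python
import struct

SERVER_PORT = 8093  # Tomcat port used in the thread

def read_pcap(data):
    """Yield (src_port, dst_port, payload) per Ethernet/IPv4/TCP record of a classic pcap."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to hold the headers
        ip_len = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ip_len:14 + struct.unpack("!H", frame[16:18])[0]]
        if len(tcp) >= 20:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def http_summary(pcap, src_only=False, port=SERVER_PORT):
    """Request lines sent to `port` and Server headers sent from it."""
    out = {"requests": [], "server": []}
    for sport, dport, payload in read_pcap(pcap):
        if src_only and sport != port:
            continue  # what the filter "tcp src port 8093" never records
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        if dport == port and lines[0].endswith(("HTTP/1.0", "HTTP/1.1")):
            out["requests"].append(lines[0])
        elif sport == port and lines[0].startswith("HTTP/"):
            out["server"] += [l.split(":", 1)[1].strip() for l in lines[1:]
                              if l.lower().startswith("server:")]
    return out

def _frame(sport, dport, payload):
    """Constructed sample frame: Ethernet/IPv4/TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one POST to port 8093 and the response from it."""
    frames = [_frame(40000, 8093, b"POST /app HTTP/1.1\r\nHost: node2\r\nContent-Length: 3\r\n\r\na=1"),
              _frame(8093, 40000, b"HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n\r\n")]
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records

if __name__ == "__main__":
    print(http_summary(sample_pcap(), src_only=True), http_summary(sample_pcap()))
```

With `src_only=True` the request list is empty, which is why a capture limited to the server's source port holds response headers but no POST.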

gaurav_s 06-01-2015 12:45 AM

Still I am not getting POST data. I guess with the wget command I can't get POST data.

mralk3 06-01-2015 09:28 AM

Look at the man page of wget and you will see that you need to pass specific options to wget to execute an HTTP POST.

nini09 06-01-2015 02:38 PM

The tool wget only uses GET requests to download information. The PUT request is for uploading information.
One tool, CURL, can do it any way you want, such as GET, POST, DELETE and so on.
http://curl.haxx.se/

mralk3 06-02-2015 06:37 PM

Good point about curl. I was not thinking in terms of receiving data, rather submitting data to a service.

The curl command will do what you need.

joec@home 06-07-2015 05:07 PM

Been a while, but looking through my old notes I used to prefer to search by IP address to get a larger scope of data. Try playing around with the different flags, removing and adding different flags to check for different results, switching between the IP address of both the sender and the receiver. Also try switching between "0" and "1500" in the -s flag. Just print to screen at first while you fine tune then start grabbing to a file.

tcpdump -x -v -s 1500 host 12.34.56.78 -l -n

joec@home 06-07-2015 05:28 PM

Another thing you might try is to run a tail on the module being used by tomcat to get a pseudo-ish strace.

tail -f /proc/(PID of Tomcat)/map_files/(module being called by tomcat) | od -a

Different od flags for translation:

From
http://unixhelp.ed.ac.uk/CGI/man-cgi?od

-a same as -t a, select named characters
-b same as -t o1, select octal bytes
-c same as -t c, select ASCII characters or backslash escapes
-d same as -t u2, select unsigned decimal 2-byte units
-f same as -t fF, select floats
-i same as -t dI, select decimal ints
-l same as -t dL, select decimal longs
-o same as -t o2, select octal 2-byte units
-s same as -t d2, select decimal 2-byte units
-x same as -t x2, select hexadecimal 2-byte units
