sniffing network traffic, linux server between firewall and router, only want http
Hello,
I was hoping someone could help me out. I have a switch with port monitoring on, that a firewall, router, and Linux box are connected to. I cannot replace either the router or the firewall. What I want to do is take a "snapshot" of what webpages are being accessed by IP. We are using a Windows NT4 DNS server, so I cannot just log DNS requests. Or as far as I know I can't. All I really want to do is just get a filter up there to dump the first part of web traffic. Anyone know a better way to do this? Thanks :P
tcpdump port 80,
or you can use Ethereal, and filter for port 80. I think that's what you're asking. If this didn't help, let me know...
Thanks for the reply,
Yeah, that was what I was going to do, but if I filter for just port 80 I get all the web traffic. What I really need is just what IP is going to what site. I know that there are ways to specify what parts of conversations. I think the host header is sent in the < 4 so that is all I really would need. I just don't know how to do that in Ethereal or tcpdump.
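Added example, not part of any post in this thread: one way to get the "which IP is going to which site" list is to keep only the Host header from each HTTP request seen on port 80. The Python sketch below parses raw Ethernet frames, such as a capture on the monitor port would deliver, and maps each client IP to the hosts it requested. The function names and the sample frames are constructed for illustration, and it assumes untagged IPv4 frames carrying unencrypted HTTP with the request headers in a single TCP segment.

```python
import socket
import struct

def host_from_frame(frame):
    """Return (client_ip, host) for an HTTP request to port 80, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # Ethernet type: IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                   # IP header length in bytes
    if ip[0] >> 4 != 4 or ip[9] != 6:          # IPv4 carrying TCP only
        return None
    ip = ip[:struct.unpack("!H", ip[2:4])[0]]  # drop Ethernet padding
    tcp = ip[ihl:]
    if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != 80:
        return None
    payload = tcp[(tcp[12] >> 4) * 4:]         # skip TCP header and options
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    # A request starts with "METHOD target HTTP/1.x"; anything else is body data.
    if len(lines[0].split(b" ")) != 3 or not lines[0].endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return socket.inet_ntoa(ip[12:16]), value.strip().decode("ascii", "replace")
    return socket.inet_ntoa(ip[12:16]), None   # request without a Host header

def sites_by_client(frames):
    """Map each client IP to the sorted list of Host values it requested."""
    seen = {}
    for frame in frames:
        hit = host_from_frame(frame)
        if hit and hit[1]:
            seen.setdefault(hit[0], set()).add(hit[1])
    return {ip: sorted(hosts) for ip, hosts in seen.items()}

def build_frame(src, dst, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

SAMPLE_FRAMES = [  # constructed traffic, not captured from a real network
    build_frame("192.168.1.10", "203.0.113.5", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    build_frame("192.168.1.10", "203.0.113.9", 80, b"GET /a HTTP/1.1\r\nhost: example.org\r\nAccept: */*\r\n\r\n"),
    build_frame("192.168.1.22", "203.0.113.5", 80, b"POST /f HTTP/1.0\r\n\r\nx=1"),
    build_frame("203.0.113.5", "192.168.1.10", 40001, b"HTTP/1.1 200 OK\r\n\r\n"),
]

print(sites_by_client(SAMPLE_FRAMES))
```

Server responses, request body segments and requests without a Host header are skipped, so the output holds one entry per client rather than every packet on port 80.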