Nothing in life is easy. This is also true for linux. Most things are possible but not always the way you'd like them.
It's "possible" to get the info you need with something like:
tcpdump -vvvnnXs0 | grep -B 4 -A 5 GET | grep -B 4 -A 5 -i zip
This will snoop the default interface (normally eth0) and spit out some details on any get requests that also have zip associated with them.
This should give the ip of who is getting the zip, where they are getting it from, the time as well as what the file name is.
But.
This is a very simple filter that will also be triggered if somone were to say, do a google search with the word zip in the search.
You'll have to use better filters or even a brain to figure out if the get for a file is what you are looking for or not.
Also on a busy interface you'll likely drop packets. This isn't the most efficent way of doing business. But I figured you deserved some sort of answer even if it's not a good one.
-b
|