Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).

I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.

Help would be appreciated.

Thanks,
Matt

I'd guess not, but you could always load the tcpdump captured packets into tshark

Yeah, I knew I could decode with tshark. More than anything else this was just one of those things that I was curious if it could be done or not (i.e. with tcpdump).

I rescanned the man page on tcpdump, still can't see anything, nor can I get much out of google searching. Might just have to call it quits, just seems like it'd be plausible for tcpdump to have it, but no dice.

Thanks for the input, I've got confirmation on what I was thinking.

-Matt