Aly Dharshi <aly.dharshi@xxxxxxxxx> wrote:
Hello Kaushal, I hope that you are well. tcpdump -i ethX port 80 Where
X would be a number so eth0 or eth1, you can also refine this with
"src port" and "dst port" expressions, have you tried using wireshark
instead if you are using an X system ? Cheers, Aly. Kaushal Shriyan
wrote:
> Hi
>
> How do i capture http request and response using tcpdump
>
> Thanks and Regards
>
> Kaushal
>
This approach only captures the HTTP requests. It will not capture the
response since the response will not be through port 80; the response to
a request will be to some randomly assigned, non-privileged port.
If you assume that most inbound traffic to non-privileged ports consists
of HTTP responses, you could just filter out all inbound traffic to
privileged ports (port # < 1024). Depending on what you allow users to
do, you may also get some chat/instant messenger traffic, P2P file
sharing, etc. This may also be of interest depending on what you're
looking for.
If you specifically need to match HTTP requests with the response, you
may need to look into one of the commercial network monitoring
applications. These work by capturing all traffic and matching the
half-sessions to recreate the complete dialog. This is a much harder
problem but these products allow the user who made a particular request
to be identified and associated with the response.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
