Re: tcpdump

Hello All,

I hope that you are well. That is correct, doing what I have said on the command line of the server will show server-side stuff; you may also want to run something like tcpdump or ethereal on your workstation and compare/match. Unless you want to spend money to buy a commercial sniffer.

	Cheers,

	Aly.

David G. Miller wrote:

This approach only captures the HTTP requests. It will not capture the response since the response will not be through port 80; the response to a request will be to some randomly assigned, non-privileged port.

If you assume that most inbound traffic to non-privileged ports consists of HTTP responses, you could just filter out all inbound traffic to privileged ports (port # < 1024). Depending on what you allow users to do, you may also get some chat/instant messenger traffic, P2P file sharing, etc. This may also be of interest depending on what you're looking for.

If you specifically need to match HTTP requests with the response, you may need to look into one of the commercial network monitoring applications. These work by capturing all traffic and matching the half-sessions to recreate the complete dialog. This is a much harder problem but these products allow the user who made a particular request to be identified and associated with the response.

Cheers,
Dave


--
Aly Dharshi
aly.dharshi@xxxxxxxxx
Got TELUS TV ? 310-MYTV or http://www.mytelus.com/tv

         "A good speech is like a good dress
          that's short enough to be interesting
          and long enough to cover the subject"
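
The half-session matching described in the quoted message can be sketched as follows. This is an added example, not part of the original thread: the packet tuples are constructed sample data, the names `flow_key` and `pair_http` are hypothetical, and it assumes each HTTP message fits in one captured segment (no TCP reassembly).

```python
from collections import defaultdict

# Constructed sample capture (not from the thread): one tuple per TCP segment,
# (src_ip, src_port, dst_ip, dst_port, payload).
PACKETS = [
    ("192.0.2.10", 40312, "198.51.100.5", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    ("192.0.2.11", 51820, "198.51.100.5", 80, b"GET /missing HTTP/1.1\r\n\r\n"),
    ("198.51.100.5", 80, "192.0.2.11", 51820, b"HTTP/1.1 404 Not Found\r\n\r\n"),
    ("198.51.100.5", 80, "192.0.2.10", 40312, b"HTTP/1.1 200 OK\r\n\r\n"),
    ("192.0.2.10", 40313, "198.51.100.5", 80, b"GET /slow HTTP/1.1\r\n\r\n"),
    ("203.0.113.7", 6881, "192.0.2.10", 45000, b"\x13BitTorrent protocol"),
]

def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key: both half-sessions map to the same value."""
    return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))

def pair_http(packets, server_port=80):
    """Return (client, request_line, status_line_or_None) per HTTP request."""
    flows = defaultdict(lambda: {"client": None, "requests": [], "responses": []})
    for src_ip, sport, dst_ip, dport, payload in packets:
        # Skip empty segments (bare ACKs) and traffic not involving the server port.
        if not payload or server_port not in (sport, dport):
            continue
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        flow = flows[flow_key(src_ip, sport, dst_ip, dport)]
        if dport == server_port:      # client -> server half-session
            flow["client"] = f"{src_ip}:{sport}"
            flow["requests"].append(first_line)
        else:                         # server -> client half-session
            flow["responses"].append(first_line)
    pairs = []
    for flow in flows.values():
        # HTTP/1.x answers requests in order on a connection, so pair by index;
        # a request with no captured response is reported with None.
        for i, req in enumerate(flow["requests"]):
            resp = flow["responses"][i] if i < len(flow["responses"]) else None
            pairs.append((flow["client"], req, resp))
    return pairs

if __name__ == "__main__":
    for client, req, resp in pair_http(PACKETS):
        print(client, "|", req, "|", resp)
```
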

