Re: tcpdump

On 4/23/07, David G. Miller <dave@xxxxxxxxxxxxx> wrote:
Aly Dharshi <aly.dharshi@xxxxxxxxx> wrote:

> Hello Kaushal, I hope that you are well.
>
> tcpdump -i ethX port 80
>
> Where X would be a number so eth0 or eth1, you can also refine this with
> "src port" and "dst port" expressions, have you tried using wireshark
> instead if you are using an X system ?
>
> Cheers, Aly.
>
> Kaushal Shriyan wrote:
>> > Hi
>> >
>> > How do I capture HTTP request and response using tcpdump?
>> >
>> > Thanks and Regards
>> >
>> > Kaushal
>> >
This approach only captures the HTTP requests.  It will not capture the
response since the response will not be through port 80; the response to
a request will be to some randomly assigned, non-privileged port.

If you assume that most inbound traffic to non-privileged ports consists
of HTTP responses, you could just filter out all inbound traffic to
privileged ports (port # < 1024).  Depending on what you allow users to
do, you may also get some chat/instant messenger traffic, P2P file
sharing, etc.  This may also be of interest depending on what you're
looking for.

If you specifically need to match HTTP requests with the response, you
may need to look into one of the commercial network monitoring
applications.  These work by capturing all traffic and matching the
half-sessions to recreate the complete dialog.  This is a much harder
problem but these products allow the user who made a particular request
to be identified and associated with the response.

Cheers,
Dave

He is right.

Maybe the best option is to capture everything, dump it to a file, and
then analyze that file with the filters of Ethereal.

regards,

--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
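
An added example, not part of the original thread: in pcap-filter syntax `port 80` is true when either the source or the destination port is 80, so a capture file can be reduced to per-packet tuples and the two half-sessions paired by flow, as the replies above describe. The packet tuples are constructed sample data, only the first payload line is kept, and `port_filter`, `flow_key` and `pair_http` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, first payload line)
PACKETS = [
    ("10.0.0.5", 40112, "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    ("10.0.0.7", 51844, "192.0.2.10", 80, b"GET /missing HTTP/1.1"),
    ("10.0.0.5", 50022, "192.0.2.22", 22, b"SSH-2.0-client"),
    ("192.0.2.10", 80, "10.0.0.7", 51844, b"HTTP/1.1 404 Not Found"),
    ("192.0.2.10", 80, "10.0.0.5", 40112, b"HTTP/1.1 200 OK"),
    ("10.0.0.5", 40112, "192.0.2.10", 80, b"POST /login HTTP/1.1"),
    ("192.0.2.10", 80, "10.0.0.5", 40112, b"HTTP/1.1 302 Found"),
    ("10.0.0.9", 33000, "192.0.2.10", 80, b"GET /slow HTTP/1.1"),
]

def port_filter(pkt, port=80):
    """Mirror pcap-filter `port N`: true if source OR destination port is N."""
    return port in (pkt[1], pkt[3])

def flow_key(pkt, server_port=80):
    """Canonical (client, server) key so both half-sessions share one bucket."""
    src, dst = (pkt[0], pkt[1]), (pkt[2], pkt[3])
    return (src, dst) if pkt[3] == server_port else (dst, src)

def pair_http(packets, server_port=80):
    """Return {(client, server): [(request_line, status_line or None), ...]}."""
    pending = defaultdict(list)   # requests still waiting for a response
    dialogs = defaultdict(list)
    for pkt in packets:
        if not port_filter(pkt, server_port):
            continue              # unrelated traffic (the SSH packet here)
        key, line = flow_key(pkt, server_port), pkt[4].decode("latin-1")
        if pkt[3] == server_port and line.endswith(("HTTP/1.0", "HTTP/1.1")):
            pending[key].append(line)
        elif pkt[1] == server_port and line.startswith("HTTP/") and pending[key]:
            # HTTP/1.x responses arrive in request order on a connection
            dialogs[key].append((pending[key].pop(0), line))
    for key, left in pending.items():
        dialogs[key].extend((req, None) for req in left)  # unanswered requests
    return dict(dialogs)

if __name__ == "__main__":
    for (client, server), exchanges in pair_http(PACKETS).items():
        for request, response in exchanges:
            print(client, "->", server, "|", request, "=>", response)
```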

