Andy Green <andy@xxxxxxxxxxx> wrote:
> David G. Miller wrote:
>> Aly Dharshi <aly.dharshi@xxxxxxxxx> wrote:
>>
>>> Hello Kaushal,
>>>
>>> I hope that you are well.
>>>
>>> tcpdump -i ethX port 80
>>>
>>> Where X would be a number so eth0 or eth1, you can also refine this with
>>> "src port" and "dst port" expressions, have you tried using wireshark
>>> instead if you are using an X system?
>>>
>>> Cheers,
>>> Aly.
>>>
>>> Kaushal Shriyan wrote:
>>>> Hi
>>>>
>>>> How do I capture http request and response using tcpdump
>>>>
>>>> Thanks and Regards
>>>> Kaushal
>>
>> This approach only captures the HTTP requests. It will not capture the
>> response since the response will not be through port 80; the response to
>> a request will be to some randomly assigned, non-privileged port.
>
> That is not so: tcpdump's "port" parameter matches if the port appears
> on the source OR destination. And although an ephemeral port is used on
> the receive side, it is sent from the web server using port 80, and so
> matches the tcpdump filter. Give it a try.

You're right. Sorry. At my previous job I was always using dst port or
src port and usually to try to filter out the traffic I *didn't* want to
see. Regardless, it's still a pain to match up the captures each way to
get the complete dialog.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
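
Added example, not part of the original thread: a Python sketch of the two points discussed above, namely that `port 80` matches a packet when 80 is the source or the destination port while `dst port 80` sees one direction only, and how the two directions can be grouped back into one dialog per connection. The sample lines are constructed in the style of `tcpdump -nn` output, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -nn` output (not a real capture).
SAMPLE = """\
12:00:00.000100 IP 192.0.2.10.51514 > 198.51.100.5.80: Flags [P.], length 78
12:00:00.020300 IP 198.51.100.5.80 > 192.0.2.10.51514: Flags [P.], length 512
12:00:00.030000 IP 192.0.2.10.40022 > 198.51.100.7.22: Flags [P.], length 36
12:00:00.040000 IP 192.0.2.11.49200 > 198.51.100.5.80: Flags [P.], length 90
12:00:00.060000 IP 198.51.100.5.80 > 192.0.2.11.49200: Flags [P.], length 300
"""

LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): .*length (\d+)$")

def parse(text):
    """Turn each line into a dict with both endpoints as (ip, port) tuples."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, sip, sport, dip, dport, length = m.groups()
            pkts.append({"ts": ts, "src": (sip, int(sport)),
                         "dst": (dip, int(dport)), "len": int(length)})
    return pkts

def match_port(pkt, port):
    """Semantics of the filter `port N`: source OR destination port."""
    return pkt["src"][1] == port or pkt["dst"][1] == port

def match_dst_port(pkt, port):
    """Semantics of `dst port N`: packets heading to that port only."""
    return pkt["dst"][1] == port

def conversations(pkts, server_port):
    """Group both directions of each flow under one (client, server) key."""
    flows = defaultdict(list)
    for p in pkts:
        if not match_port(p, server_port):
            continue
        to_server = p["dst"][1] == server_port
        client, server = (p["src"], p["dst"]) if to_server else (p["dst"], p["src"])
        flows[(client, server)].append(("to_server" if to_server else "from_server", p["len"]))
    return dict(flows)

if __name__ == "__main__":
    for key, dialog in conversations(parse(SAMPLE), 80).items():
        print(key, dialog)
```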