Re: tcpdump

Andy Green <andy@xxxxxxxxxxx> wrote:

David G. Miller wrote:
> Aly Dharshi <aly.dharshi@xxxxxxxxx> wrote:
>
>> Hello Kaushal, I hope that you are well.
>>
>> tcpdump -i ethX port 80
>>
>> Where X would be a number so eth0 or eth1, you can also refine this with
>> "src port" and "dst port" expressions, have you tried using wireshark
>> instead if you are using an X system ?
>>
>> Cheers, Aly.
>>
>> Kaushal Shriyan wrote:
>>> Hi
>>>
>>> How do I capture http request and response using tcpdump
>>>
>>> Thanks and Regards
>>> Kaushal
>
> This approach only captures the HTTP requests. It will not capture the
> response since the response will not be through port 80; the response to
> a request will be to some randomly assigned, non-privileged port.

That is not so: tcpdump's "port" parameter matches if the port appears on the source OR destination. And although an ephemeral port is used on the receive side, it is sent from the web server using port 80, and so matches the tcpdump filter. Give it a try.

You're right. Sorry. At my previous job I was always using dst port or src port and usually to try to filter out the traffic I *didn't* want to see. Regardless, it's still a pain to match up the captures each way to get the complete dialog.

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
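
Added example, not part of the original thread: a Python model of the filter semantics discussed above ("port 80" matches source OR destination, "dst port 80" matches one direction only) and of pairing both directions into one dialog by canonicalizing the 4-tuple. The packet tuples, addresses and function names are constructed for illustration and are not tcpdump output.

```python
from collections import defaultdict

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, summary)
PACKETS = [
    ("192.0.2.10", 40312, "198.51.100.5", 80, "GET /index.html"),
    ("198.51.100.5", 80, "192.0.2.10", 40312, "HTTP/1.1 200 OK"),
    ("192.0.2.10", 40313, "198.51.100.5", 443, "TLS ClientHello"),
    ("192.0.2.11", 51000, "198.51.100.5", 80, "GET /logo.png"),
    ("198.51.100.5", 80, "192.0.2.11", 51000, "HTTP/1.1 200 OK"),
]

def match_port(pkt, port):
    """Model of the filter 'port N': source OR destination port equals N."""
    return pkt[1] == port or pkt[3] == port

def match_dst_port(pkt, port):
    """Model of 'dst port N': only packets going TO port N (requests)."""
    return pkt[3] == port

def match_src_port(pkt, port):
    """Model of 'src port N': only packets coming FROM port N (responses)."""
    return pkt[1] == port

def flow_key(pkt, server_port):
    """Canonical (client, server) key so both directions share one entry."""
    src, dst = (pkt[0], pkt[1]), (pkt[2], pkt[3])
    return (src, dst) if pkt[3] == server_port else (dst, src)

def conversations(packets, server_port=80):
    """Group everything matched by 'port N' into per-client dialogs, in order."""
    flows = defaultdict(list)
    for pkt in packets:
        if not match_port(pkt, server_port):
            continue  # e.g. the port 443 packet is outside the filter
        direction = "request" if pkt[3] == server_port else "response"
        flows[flow_key(pkt, server_port)].append((direction, pkt[4]))
    return dict(flows)

if __name__ == "__main__":
    for (client, server), msgs in conversations(PACKETS).items():
        print(client, "<->", server)
        for direction, summary in msgs:
            print("   ", direction, summary)
```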

