tcpdump
David G. Miller
dave at davenjudy.org
Tue Apr 24 00:55:22 UTC 2007
Andy Green <andy at warmcat.com> wrote:
> David G. Miller wrote:
>> Aly Dharshi <aly.dharshi at telus.net> wrote:
>>> Hello Kaushal, I hope that you are well.
>>>
>>> tcpdump -i ethX port 80
>>>
>>> Where X would be a number so eth0 or eth1, you can also refine this with
>>> "src port" and "dst port" expressions, have you tried using wireshark
>>> instead if you are using an X system ?
>>>
>>> Cheers, Aly.
>>>
>>> Kaushal Shriyan wrote:
>>>> Hi
>>>>
>>>> How do i capture http request and response using tcpdump
>>>>
>>>> Thanks and Regards
>>>> Kaushal
>>
>> This approach only captures the HTTP requests. It will not capture the
>> response since the response will not be through port 80; the response to
>> a request will be to some randomly assigned, non-privileged port.
>
> That is not so: tcpdump's "port" parameter matches if the port appears
> on the source OR destination. And although an ephemeral port is used on
> the receive side, it is sent from the web server using port 80, and so
> matches the tcpdump filter. Give it a try.
You're right. Sorry. At my previous job I was always using dst port or
src port and usually to try to filter out the traffic I *didn't* want to
see. Regardless, it's still a pain to match up the captures each way to
get the complete dialog.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
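
The point settled in this thread, as an added example that is not part of the original messages: a "port 80" match covers both directions while "dst port 80" sees only the request, and a direction-independent key pairs request and response into one dialog. The addresses, ports, payloads and function names below are constructed for illustration.

```python
import struct
from collections import defaultdict

def make_pkt(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample data, checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def parse(pkt):
    """Return (src, dst, sport, dport, payload) from an IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = (".".join(map(str, pkt[o:o + 4])) for o in (12, 16))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    doff = (pkt[ihl + 12] >> 4) * 4                # TCP header length in bytes
    return src, dst, sport, dport, pkt[ihl + doff:]

def match_port(pkt, port):
    """Semantics of the "port N" expression: source OR destination port."""
    _, _, sport, dport, _ = parse(pkt)
    return port in (sport, dport)

def match_dst_port(pkt, port):
    """Semantics of "dst port N": destination port only."""
    return parse(pkt)[3] == port

def conversations(pkts):
    """Group both directions of a TCP exchange under one sorted endpoint pair."""
    flows = defaultdict(list)
    for p in pkts:
        src, dst, sport, dport, payload = parse(p)
        key = tuple(sorted([(src, sport), (dst, dport)]))
        flows[key].append((f"{src}:{sport}", payload))
    return dict(flows)

# Constructed capture: one HTTP exchange plus unrelated traffic on port 22.
CAPTURE = [
    make_pkt("192.0.2.10", "198.51.100.5", 49152, 80, b"GET / HTTP/1.1\r\n\r\n"),
    make_pkt("198.51.100.5", "192.0.2.10", 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    make_pkt("192.0.2.10", "198.51.100.5", 49153, 22, b"SSH-2.0-sample\r\n"),
]

if __name__ == "__main__":
    both = [p for p in CAPTURE if match_port(p, 80)]
    for key, msgs in conversations(both).items():
        print(key, [(who, data.split(b"\r\n")[0]) for who, data in msgs])
```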