[t:/]$ Knowledge_

Viewing HTTP headers with tcpdump

2017/08/14

Reference threads..

https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic

https://serverfault.com/questions/504431/human-readable-format-for-http-headers-with-tcpdump

https://stackoverflow.com/questions/11757477/understanding-tcpdump-filter-bit-masking

In summary,

# headers only
sudo tcpdump -A -s 10240 'tcp port 4080 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'

# print immediately (line-buffered)..
sudo stdbuf -oL -eL /usr/sbin/tcpdump -A -s 10240 "tcp port 4080 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)" | egrep -a --line-buffered ".+(GET |HTTP\/|POST )|^[A-Za-z0-9-]+: " | perl -nle 'BEGIN{$|=1} { s/.*?(GET |HTTP\/[0-9.]* |POST )/\n$1/g; print }'

# headers and body
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

# headers and body, from one source host only
tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

# a specific network interface only
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo

If you don't understand how NAT, IP and HTTP actually work, you easily end up depending on frameworks alone.

[t:/] is not "technology - root". dawnsea, rss