2013年10月31日 星期四

How to use tcpdump to sniffer http header

 

1.tcpdump -s 1024 -l -A dst www.cnn.com
2.

Type the following command at shell prompt:

# tcpdump -n -i eth0 -s 0 -w output.txt src or dst port 80

 

Where,

  • -n : Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
  • -i eth0 : Specify interface to capture data.
  • -s 0 : Snarf snaplen[snapshot length] bytes of data from each packet rather than the default of 68. Setting to 0 means use the required length to catch whole packets.
  • -w output.txt : Save data to output.txt file
  • src or dst port 80 : Capture port 80.

@Result

11:04:31.674686 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [.], ack 1478957458, win 65535, length 0

.....C...(....E..(k.@.@.9/

.P/.2.X'..P...TU..

11:04:31.674907 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [P.], seq 0:369, ack 1, win 65535, length 369

.....C...(....E.....@.@...

.P/.2.X'..P...u\..GET / HTTP/1.1

Host: www.cnn.com

Connection: keep-alive

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: zh-TW,zh;q=0.8,en-US;q=0.6,en;q=0.4

 

 

11:04:31.675385 IP 10.1.246.215.61710 > 157.166.248.11.http: Flags [.], ack 3228182788, win 65535, length 0

.....C...(....E..(2P@.@.q.

..........P..[?.j).P.......

11:04:32.087077 IP 10.1.246.215.61709 > 157.166.248.11.http: Flags [.], ack 426, win 65535, length 0

沒有留言:

如何下載Facebook 相簿跟影片

影片:透過chrome plug-in : Video Downloader for Facebook<sup>TM</sup> 相簿: 透過chrome plug-in : Tampermonkey 搭配script : Facebo...