2008/11/20 Jeff Simmons <[EMAIL PROTECTED]>:
> Anyone know of a text-based program that will dump http protocol packets?
> Like tcpdump, but for http.

I'm not an expert, but here are my dimly and pseudo-educated guesses
and hunches and 2 * n eurocents:

- In order to selectively *only* capture HTTP packets, you have to
*recognize* which TCP packets are/contain HTTP packets first.

- Granted, an HTTP packet may not arrive via TCP, since according to Wikipedia:
> HTTP is not constrained to using TCP/IP and its supporting layers, although 
> this is its most popular application on the Internet. Indeed HTTP can be 
> "implemented on top of any other protocol on the Internet, or on other 
> networks."
HOWEVER, even when using another kind of networking stack, you still
have to figure out which packets are HTTP packets and which aren't.
Also, TCP/IP is ubiquitous, and
J-Random-Hacker's-Own-Leet-Networking-Protocol isn't.

- It is my understanding that with TCP/IP at least, pretty much the
only way to determine whether what you've got at your hands is an HTTP
packet is to actually look at it.

- Thus, identifying all HTTP packets requires capturing each TCP
packet, or at least capturing part of each TCP packet.

- Even if we were to assume that it was possible to only capture part
of each packet and then determine --in real time, while you're dumping
TCP packets-- what the HTTP packets are and then only fully capturing
those, this would probably be needlessly complex and waste more
resources than not capturing all of the packets in full saves.

- For the above reasons, you're probably much better off to just
capture all of your TCP packets on a given interface with tcpdump, and
then selectively reassemble only what you want with tcpflow. Also for
the above reasons, I am not convinced a dedicated "httpdump" tool
would be particularly useful.

Again, I don't really know what I'm talking about to a great extent in
this area, but that's AFAIK.

'hope this helps,
--ropers
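
The "look at it" step from the message above, as an added example that is not part of the original post: a per-segment check for cleartext HTTP/1.x start lines, run over constructed payloads. The function names, regexes and sample flows are assumptions made for illustration; TLS and HTTP/2 are out of scope.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
# (simplified: upper-case alphabetic method names only)
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")
# HTTP/1.x status line: HTTP/1.x SP 3-digit code SP reason CRLF
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} [^\r\n]*\r\n")

def classify_payload(payload: bytes) -> str:
    """Label one TCP segment payload by inspecting its first bytes."""
    if not payload:
        return "empty"  # bare SYN/ACK/FIN: nothing to inspect
    if REQUEST_LINE.match(payload):
        return "http-request"
    if STATUS_LINE.match(payload):
        return "http-response"
    return "unknown"

def classify_flow(segments) -> str:
    """A flow is HTTP if any of its segments starts an HTTP message."""
    labels = (classify_payload(p) for p in segments)
    return "http" if any(l.startswith("http-") for l in labels) else "other"

# Constructed sample flows (payloads in arrival order), not real captures.
HTTP_FLOW = [
    b"",                                               # handshake ACK
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello",
    b" world",                                         # body continuation
]
SSH_FLOW = [b"", b"SSH-2.0-ExampleServer\r\n"]

if __name__ == "__main__":
    for name, flow in (("http", HTTP_FLOW), ("ssh", SSH_FLOW)):
        print(name, [classify_payload(p) for p in flow], classify_flow(flow))
```

The continuation segment `b" world"` is labelled `unknown` on its own even though it belongs to an HTTP response, so a per-packet filter loses it; classifying the reassembled flow keeps it.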
