6

I'm running "sudo tcpdump -s 0 -A port 80" on my Linux system to monitor HTTP traffic. This works, but all of the traffic is gzipped. Is there any easy way to un-compress this on the fly so I can watch the traffic in real-time?

SeanLabs

1 Answer

9

Give tcpflow a try. This command is able to do what you want. Excerpt from man page:

Rather than showing packet-by-packet information, tcpflow reconstructs the actual data streams [...] has a sophisticated plug-in system for decompressing compressed HTTP connections

To have a live view, you would tell tcpflow to write to the console:

tcpflow -c -a port 80
  • 1
    Good suggestion, but the target in my case is an ARM embedded system, so I'd have to cross compile tcpflow etc. Is there any way to do the in flight ungzip with standard tcpdump? – SeanLabs Feb 05 '16 at 21:01
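
The decoding step discussed in this thread, undoing chunked transfer encoding and gzip on an HTTP response, shown as an added Python example that is not from the original posts. It assumes the response bytes have already been reassembled in order (the stream reconstruction the man page excerpt describes, which packet-by-packet `tcpdump -A` output does not give you); the function names and the sample response are constructed for illustration.

```python
import gzip
import zlib

def dechunk(body: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked; stop quietly where the capture was cut."""
    out, pos = bytearray(), 0
    while (eol := body.find(b"\r\n", pos)) >= 0:
        try:
            size = int(body[pos:eol].split(b";")[0].strip(), 16)
        except ValueError:
            break  # not a chunk-size line: damaged or mid-stream capture
        if size == 0:
            break  # terminating zero-length chunk
        out += body[eol + 2 : eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the chunk data and its trailing CRLF
    return bytes(out)

def decode_http_response(stream: bytes):
    """Return (headers, decoded body) for one reassembled HTTP/1.1 response."""
    head, _, body = stream.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # [0] is the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    if headers.get("content-encoding", "").lower() in ("gzip", "x-gzip", "deflate"):
        # wbits=47 auto-detects gzip or zlib framing. A decompressobj returns what it
        # has inflated so far, so a stream cut mid-capture still yields readable text
        # where gzip.decompress() would raise on the missing trailer.
        try:
            body = zlib.decompressobj(wbits=47).decompress(body)
        except zlib.error:
            pass  # corrupt or raw-deflate data: keep the bytes as captured
    return headers, body

def build_sample(payload: bytes) -> bytes:
    """Constructed sample: a gzip-encoded response sent as two chunks."""
    gz = gzip.compress(payload)
    half = len(gz) // 2
    chunks = b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in (gz[:half], gz[half:]))
    return (b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + chunks + b"0\r\n\r\n")

if __name__ == "__main__":
    _, text = decode_http_response(build_sample(b"<html>constructed body</html>\n" * 20))
    print(text.decode())
```

Because it uses only the Python standard library, it can run on a workstation against a capture file copied off the embedded target rather than on the target itself.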