4

I need to get full description of the HTTP requests with TShark sniffer. I mean something like Wireshark's GUI where you can get:

  • raw request data (zipped/unzipped);
  • pretty printed extracted HTTP fields: (Host, Accepted-Encoding, Cookies, etc).

For now I'm able to dissect HTTP with:

 tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -d tcp.port=80,http

it prints something like this:

139389.228821 x.x.x.x -> y.y.y.y HTTP GET /test.html HTTP/1.1

or I can print cookie (or all cookies?) for example with:

tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -T fields -e http.cookie

But I want complete HTTP request description with raw data. Is it possible?

Shcheklein

2 Answers

0

If it is only to monitor traffic from your own computer, try Fiddler.

Or use Firefox's Firebug, and/or Live HTTP Headers, and/or the Web Developer Toolbar.

Rolando Cruz
  • It's a Linux server with console. Don't think I can use Fiddler. Anyway, if I had GUI I would use Wireshark instead of TShark. – Shcheklein Sep 07 '11 at 09:27

-2

Note: See comments for accepted answer.

Curl might be able to do this for you. When you post your data via curl, use the -v and -i options. You can also use -b and -c to read/write cookie info to a file so you can look at it.

This may not be exactly what you want, as it sounds like you already have a program that's doing the posting, but if you can re-create the post and send with curl, you'll see all of the raw data (when using the right options).

Curl docs are here

Shcheklein
ghostJago