Thursday, February 16, 2012

tcpdump to grab http headers from a specific domain

If you find tcpdump a very useful tool and you want to work in a shell or terminal (say you're into hacking), it is handy to be able to sneak a look at packets with it.

To grab the HTTP headers sent to and from a specific domain, you can use the commands below:


$> for ((i=0; i<13; i++)); do clear; done   # can also be done with `while true; do clear; done`, then press ctrl+c to stop
$> sudo tcpdump -i en1 -s 1024 -l -A 'port 80 and host domain.com'   # capturing needs root


where
 -i  specifies the interface (en1 on this machine; on Linux it is usually something like eth0 or wlan0),
 -s  specifies the snaplen, the number of bytes you want to snarf (sneak) from each packet. From the man page: "Snarf snaplen bytes of data from each packet rather than the default of 68". That 68-byte default is from older versions; newer tcpdump captures whole packets by default. 1024 bytes covers most request headers, but long Cookie headers can get cut off, so use -s 0 if you want whole packets,
 -l  makes stdout line-buffered, so each packet is printed as it is captured rather than when the buffer fills (important when piping the output into grep or less),
 -A  From man page, "Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages."

The string enclosed in single quotes is the filter expression (BPF syntax) I wanted: keep only packets on port 80 to or from host domain.com. Just change "domain.com" to your desired domain to try it. Two things to keep in mind: tcpdump resolves the host name to its IP address(es) once, when the filter is compiled, so a domain that resolves to several addresses (a CDN, for example) may only be partially matched, and you can give an IP address directly instead; and this only works for plain HTTP on port 80, since HTTPS on port 443 is encrypted and -A shows nothing readable there.


BTW, the command before tcpdump just clears my terminal 13 times. I do that to clear everything at the top before results are printed to stdout; a single clear does the same job.
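The raw -A output mixes the packet summary line, the IP/TCP header bytes (rendered as dots) and the message body in with the HTTP headers. The following is an added example, not code from the original post: a small shell filter that reads tcpdump -A output and keeps only each HTTP message's request/status line and its header lines, plus a wrapper that runs tcpdump with the flags discussed above (and -s 0 and -nn) and pipes into it. The interface and host arguments are placeholders, and the sample output at the bottom is constructed by hand, not a real capture, so the filter can be tried without root.

```shell
#!/bin/sh
# Added example (not from the original post): keep only the HTTP header lines
# from tcpdump -A output, plus a wrapper that captures live and filters.

# Read tcpdump -A text on stdin; print each HTTP message's request/status line
# and its "Name: value" header lines, followed by a blank line. Packet summary
# lines, the IP/TCP header bytes that -A renders as dots, and message bodies
# are dropped. Assumes tcpdump's default HH:MM:SS.frac timestamps.
extract_http_headers() {
    awk '
        # Packet summary lines start with a timestamp; recent tcpdump versions
        # also echo "HTTP: GET / HTTP/1.1" on them, so skip them to avoid duplicates.
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { next }

        # A request line or status line opens a header block. The IP/TCP header
        # bytes precede it on the same line, so keep only the matched part.
        match($0, /(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) [^ ]+ HTTP\/1\.[01]$/) ||
        match($0, /HTTP\/1\.[01] [0-9][0-9][0-9]/) {
            print substr($0, RSTART)
            in_headers = 1
            next
        }

        # Inside a block, keep header lines; the first line that is not one
        # (normally the blank line before the body) closes the block.
        in_headers && /^[A-Za-z0-9-]+: / { print; next }
        in_headers { in_headers = 0; print "" }
    '
}

# Live capture for one host, piped through the filter. Needs root and a real
# interface. -s 0 captures whole packets so long header blocks are not truncated,
# -nn skips name/port lookups, -l line-buffers stdout so the pipe shows each
# packet as it arrives. The interface ($1) and host ($2) are placeholders.
capture_http_headers() {
    tcpdump -i "$1" -nn -s 0 -l -A "tcp port 80 and host $2" | extract_http_headers
}

# Constructed sample of what tcpdump -nn -A prints for one request and its
# response (not a real capture), so the filter can be tried offline.
sample_tcpdump_output() {
    cat <<'EOF'
12:00:00.000000 IP 192.0.2.10.54321 > 203.0.113.5.80: Flags [P.], seq 1:80, ack 1, win 512, length 79: HTTP: GET /login HTTP/1.1
E..w..@.@.......GET /login HTTP/1.1
Host: domain.com
User-Agent: curl/7.22.0
Accept: */*

12:00:00.100000 IP 203.0.113.5.80 > 192.0.2.10.54321: Flags [P.], seq 1:150, ack 80, win 512, length 149: HTTP: HTTP/1.1 200 OK
E.....@.@.......HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Content-Length: 13

<html></html>
EOF
}

# Live usage would be: capture_http_headers en1 domain.com
# Offline demo on the constructed sample:
sample_tcpdump_output | extract_http_headers
```

One caveat: tcpdump does not reassemble TCP streams, so if a header block spans more than one segment, the second segment's first header line will have the dotted IP/TCP bytes glued in front of it and the filter will close the block early. For typical requests the headers fit in one segment, and -s 0 makes sure nothing is cut by the snaplen.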

Hope this helps.

1 comment:

Toytoy said...

Some other users also use tcpdump -nn -vv -A -s 0 -i eth0 dst or src host your host.com and port 80