
Created Mon, 22 Jul 2024 11:15:58 +0800 Modified Tue, 23 Jul 2024 09:32:30 +0800

使用tcpdump调试HTTP协议

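# How the payload match works:
#   (tcp[12:1] & 0xf0) >> 2   is the TCP header length in bytes (data-offset nibble * 4),
#   so tcp[<that>:4] is the first four bytes of the TCP payload. They are compared with
#   the ASCII values "GET " (0x47455420), "POST" (0x504F5354), "HTTP" (0x48545450)
#   and "<!DO" (0x3C21444F, the start of "<!DOCTYPE").
# Only segments whose payload begins with those bytes match, so the first segment of a
# request or response is shown; later segments of a long body are not.
# The tcp[...] offset form is applied to IPv4 packets; per pcap-filter it does not cover
# TCP over IPv6.
# -s 0 captures whole packets and -A prints the payload as ASCII, so the output contains
# Authorization headers, cookies and POST bodies in clear text: handle terminal
# scrollback and any saved output as sensitive data.

# HTTP GET
tcpdump -i eno1 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
# HTTP POST
tcpdump -i eno1 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'
# Destination port 80 and GET
tcpdump -i eno1 -s 0 -A 'tcp dst port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
# Destination port 80 or 443, GET or POST, limited to one host.
# Traffic on 443 is normally TLS, so the payload is encrypted and the GET/POST bytes
# will not match there; the 443 clause only helps when plain HTTP is served on that port.
tcpdump -i eno1 -s 0 -A '(tcp dst port 80 or tcp dst port 443) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354) and host 192.168.0.1'
# Port 80 or 443, GET/POST requests and their responses, limited to one host.
# Responses travel FROM port 80/443, so the port test must match either direction
# ("tcp port", not "tcp dst port"); with "dst port" the "HTTP" and "<!DO" clauses
# could never match a server reply.
tcpdump -i eno1 -s 0 -A '(tcp port 80 or tcp port 443) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x3C21444F) and host 192.168.0.1'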