How to i sniff/dump HTTP protocol as ASCII for a port with tcpdump or altenative

httpmonitoringpacket-sniffertcpdump

I need to view how an application is sending and is receiving traffic through a http protocol that it comunicates on localhost (it has an embeded port coded with .gz)
I'm sure it's some XML that it sends and receives but i want to sniff it , and then analize it

Is this possible somehow with Tcpdump? there i can see only that it connects but not the actual send receive

Best Answer

ngrep is very useful for this. Something as simple as

ngrep -W byline port 80

would work, but you can filter on the content of the requests too (hence the grep part of the name), and it prints out the packet payload:

ngrep -W byline some_string port 80

nginx.conf

#lets assume your IP address is 89.89.89.89 and also that you want nginx to listen on port 7000 and your app is running on port 3000

server {
    listen 7000 ssl;
 
    ssl_certificate /path/to/ssl_certificate.cer;
    ssl_certificate_key /path/to/ssl_certificate_key.key;
    ssl_client_certificate /path/to/ssl_client_certificate.cer;

    error_page 497 301 =307 https://89.89.89.89:7000$request_uri;

    location / {
        proxy_pass http://89.89.89.89:3000/;

        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Protocol $scheme;
    }
}

However if a client makes a request via any other method except a GET, that request will be turned into a GET. Thus to preserve the request method that the client came in via; we use error processing redirects as shown in nginx docs on error_page

And thats why we use the 301 =307 redirect.

Using the nginx.conf file shown here, we are able to have http and https listen in on the same port

Linux – Cheap way to detect client round trip times for http

$tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space
information about the client TCP connection; available on systems that support
the TCP_INFO socket option

http://nginx.org/en/docs/http/ngx_http_core_module.html#variables

Best Answer

Related Solutions

Nginx – Handling http and https requests using a single port with nginx

nginx.conf

Linux – Cheap way to detect client round trip times for http

Related Topic