HTTP debugging with tshark
Very useful for HTTP debugging (tshark is part of Wireshark):
# tshark -i eth0 -F visual -f "tcp port 80" -p -Y http.request -N mntC
Log all POP users
The command below captures all port 110 traffic, filters for the 'user' command and saves the result to a text file (from Mark's notes):
# tshark -i 2 -f 'port 110' -Y 'pop.request.parameter contains "user"' > /tmp/pop_users.txt
Sniff HTTP requests
Tshark can analyze any kind of network traffic, but in my case I was particularly helped by a command I found on Stack Overflow:
# tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -Y 'http.request.method == "GET" || http.request.method == "HEAD"'
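The capture filter in the command above keeps only segments that carry TCP payload: IP total length minus IP header length minus TCP header length must be non-zero. The Python sketch below is an added example, not part of the original post or the Stack Overflow answer; it evaluates the same arithmetic on packets constructed inline (the addresses, ports, host name and the `build_packet` helper are assumptions for illustration).

```python
import struct

def tcp_payload_len(ip: bytes) -> int:
    """Evaluate the capture filter's arithmetic on a raw IPv4 packet."""
    total_len = struct.unpack("!H", ip[2:4])[0]  # ip[2:2]: IPv4 total length
    ip_hdr_len = (ip[0] & 0x0F) << 2             # IHL (32-bit words) -> bytes
    tcp = ip[ip_hdr_len:]                        # tcp[] is indexed from the TCP header
    tcp_hdr_len = (tcp[12] & 0xF0) >> 2          # data offset (words) -> bytes
    return total_len - ip_hdr_len - tcp_hdr_len

def matches_filter(ip: bytes) -> bool:
    """True when '(...) != 0' holds, i.e. the segment carries payload."""
    return tcp_payload_len(ip) != 0

def build_packet(payload: bytes, ip_opts: bytes = b"", tcp_opts: bytes = b"") -> bytes:
    """Constructed IPv4/TCP packet to port 80; checksums are left at zero."""
    ihl = (20 + len(ip_opts)) // 4
    doff = (20 + len(tcp_opts)) // 4
    total = ihl * 4 + doff * 4 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + ip_opts
    tcp_hdr = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, doff << 4, 0x10,
                          65535, 0, 0) + tcp_opts
    return ip_hdr + tcp_hdr + payload

# Constructed sample data (documentation addresses, made-up host name).
IP_OPTS = b"\x01\x01\x01\x00"                       # 4 bytes: NOP NOP NOP EOL
TCP_OPTS = b"\x01\x01\x08\x0a" + b"\x00" * 8        # 12 bytes: NOP NOP timestamp
GET_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
BARE_ACK = build_packet(b"", tcp_opts=TCP_OPTS)     # handshake/ACK: no payload
HTTP_GET = build_packet(GET_REQUEST, IP_OPTS, TCP_OPTS)

if __name__ == "__main__":
    for name, pkt in (("bare ACK", BARE_ACK), ("HTTP GET", HTTP_GET)):
        print(f"{name}: payload={tcp_payload_len(pkt)} captured={matches_filter(pkt)}")
```

Because both header lengths are read from the packet rather than assumed to be 20 bytes, the filter stays correct when IP or TCP options are present.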