无法在tcpdump中获取所需的HTTP标头

时间:2012-01-29 03:58:22

标签: http http-headers tcpdump

我正在运行基于Django的http服务器,我正在尝试使用tcpdump收集HTTP标头。

这是tcpdump命令:

$ sudo tcpdump -i lo0 -s 0 -B 524288 port 8000

这是输出

  19:55:55.388635 IP localhost.irdmi > localhost.50558: Flags [P.], seq 126:8318, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 8192
  19:55:55.388649 IP localhost.50558 > localhost.irdmi: Flags [.], ack 8318, win 36734, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0
  19:55:55.388657 IP localhost.irdmi > localhost.50558: Flags [P.], seq 8318:16510, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 8192
  19:55:55.388666 IP localhost.50558 > localhost.irdmi: Flags [.], ack 16510, win 32638, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0
  19:55:55.388673 IP localhost.irdmi > localhost.50558: Flags [P.], seq 16510:24702, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 8192
  19:55:55.388682 IP localhost.50558 > localhost.irdmi: Flags [.], ack 24702, win 28542, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0
  19:55:55.388687 IP localhost.irdmi > localhost.50558: Flags [.], seq 24702:41034, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 16332
  19:55:55.388691 IP localhost.irdmi > localhost.50558: Flags [P.], seq 41034:41086, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 52
  19:55:55.388707 IP localhost.50558 > localhost.irdmi: Flags [.], ack 41086, win 20350, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0
  19:55:55.388714 IP localhost.irdmi > localhost.50558: Flags [P.], seq 41086:49278, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 8192
  19:55:55.388722 IP localhost.50558 > localhost.irdmi: Flags [.], ack 49278, win 16254, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0
  19:55:55.388728 IP localhost.irdmi > localhost.50558: Flags [P.], seq 49278:61630, ack 602, win 40830, options [nop,nop,TS val 1192418216 ecr 1192418216], length 12352
  19:55:55.388737 IP localhost.50558 > localhost.irdmi: Flags [.], ack 61630, win 10078, options [nop,nop,TS val 1192418216 ecr 1192418216], length 0

有人知道这里有什么问题吗?为什么我无法获取请求的完整HTTP标头?我尝试过使用wireshark,但我在那里遇到了其他一些错误。

2 个答案:

答案 0 :(得分:3)

以下命令可以帮我抓取端口8000上的http标头。 -s将获取前1024个字节,因此您可以调整以获取更多或更少的数据包数据。

tcpdump -i eth0 -s 1024 -l -A port 8000

答案 1 :(得分:2)

如果您想查看数据包内容,您实际上并不想使用tcpdump

使用tcpflow代替 - 这将显示完整的请求。或者更好的是,使用诸如firebug之类的浏览器扩展来查看比数据包嗅探更高级别的标题。

要使用tcpflow嗅探端口8000,请使用tcpflow -c port 8000。它将显示stdout上的所有流量。