fromnet | ftp | ftpserv | httpserv | ip | netlog | ping | pingdiff | tcpdump | udpdump | udpsend | web | wget | Команда: tcpdump trace HTTP requests of your browser onto terminal, by connecting to the sfk tcpdump local server on Windows, Mac OS X, Linux and Raspberry Pi. the browser requests can be forwarded to another server, to trace a whole conversation. may work also with other protocols, e.g. telnet. free open source command line tool with no installation.sfk tcpdump [-showle] [...] port [-forward host:port] [...] create human-readable hexdump of tcp socket input, and optionally dump a tcp conversation, for debugging of web applications. options -showle highlights line ending characters CR and LF. you may also add "le" to the command name. -wide dumps 32 input bytes per line. -lean dumps 16 input bytes per line. -post reduced format e.g. for forum posts -min minimal format with alnum only text -forward specifies a host and port to which to forward incoming requests, to dump a tcp conversation. -timeout number of milliseconds to wait after last transfer until connections are closed. default is 60000, or 10000 if http is detected. -pure lists flat hex characters: 53464B2D544553540D0A -hexsrc lists hex comma separated values: 0x53,0x46,0x4B,0x2D,0x54,0x45,0x53,0x54,0x0D,0x0A, -decsrc lists decimal comma separated values: 83,70,75,45,84,69,83,84,13,10, -maxdump=n dump only first n bytes of incoming data. -flat no hexdump, print characters as they come. see also sfk udpdump - dump incoming UDP packets. sfk hexdump - for further format options. web reference http://stahlworks.com/sfk-tcpdump examples sfk tcpdump 9000 -showle -forward www.google.com:80 -timeout 2000 then connect with your browser to localhost:9000 and see the http requests and replies which are passing through. small timeouts are recommended to trace http communication, as the web browser may wait until the connection is closed. sfk tcpdump 5000 -flat -timeout 2000 -forward myproxy:8000 show plaintext communication to anywhere via a proxy server. to connect this way, you MUST connect to sfk as a proxy: in Firefox, open tools/options/advanced/network/settings, set manual proxy configuration, http proxy "localhost" port 5000. then type some external servername, e.g. "http://google.com" in your browser. In this example, is expected that a proxy machine "myproxy" exists within your local network. After the test, disable the proxy setting in your browser. example output: [received request from back with 415 bytes:] >47455420 2F204854 54502F31 2E310D0A< GET / HTTP/1.1.. 00000000 >486F7374 3A206C6F 63616C68 6F73743A< Host: localhost: 00000010 >39303030 0D0A5573 65722D41 67656E74< 9000..User-Agent 00000020 >3A204D6F 7A696C6C 612F352E 30202857< : Mozilla/5.0 (W 00000030 >696E646F 77733B20 553B2057 696E646F< indows; U; Windo 00000040 >7773204E 5420352E 313B2065 6E2D5553< ws NT 5.1; en-US 00000050 >3B207276 3A312E38 2E312E32 29204765< ; rv:1.8.1.2) Ge 00000060 >636B6F2F 32303037 30323139 20466972< cko/20070219 Fir 00000070 >65666F78 2F322E30 2E302E32 0D0A4163< efox/2.0.0.2..Ac 00000080 >63657074 3A207465 78742F78 6D6C2C61< cept: text/xml,a 00000090 >70706C69 63617469 6F6E2F78 6D6C2C61< pplication/xml,a 000000a0 >70706C69 63617469 6F6E2F78 68746D6C< pplication/xhtml 000000b0 >2B786D6C 2C746578 742F6874 6D6C3B71< +xml,text/html;q 000000c0 >3D302E39 2C746578 742F706C 61696E3B< =0.9,text/plain; 000000d0 >713D302E 382C696D 6167652F 706E672C< q=0.8,image/png, 000000e0 >2A2F2A3B 713D302E 350D0A41 63636570< */*;q=0.5..Accep 000000f0 >742D4C61 6E677561 67653A20 656E2D75< t-Language: en-u 00000100 >732C656E 3B713D30 2E372C64 653B713D< s,en;q=0.7,de;q= 00000110 >302E330D 0A416363 6570742D 456E636F< 0.3..Accept-Enco 00000120 >64696E67 3A20677A 69702C64 65666C61< ding: gzip,defla 00000130 >74650D0A 41636365 70742D43 68617273< te..Accept-Chars 00000140 >65743A20 49534F2D 38383539 2D312C75< et: ISO-8859-1,u 00000150 >74662D38 3B713D30 2E372C2A 3B713D30< tf-8;q=0.7,*;q=0 00000160 >2E370D0A 4B656570 2D416C69 76653A20< .7..Keep-Alive: 00000170 >3330300D 0A436F6E 6E656374 696F6E3A< 300..Connection: 00000180 >206B6565 702D616C 6976650D 0A0D0A< keep-alive.... 00000190 [forwarded 415 bytes] [received reply from front:] >48545450 2F312E31 20323030 204F4B0D< HTTP/1.1 200 OK. 00000000 >0A436163 68652D43 6F6E7472 6F6C3A20< .Cache-Control: 00000010 >70726976 6174650D 0A436F6E 74656E74< private..Content 00000020 >2D547970 653A2074 6578742F 68746D6C< -Type: text/html 00000030 >3B206368 61727365 743D5554 462D380D< ; charset=UTF-8. 00000040 >0A536574 2D436F6F 6B69653A 20505245< .Set-Cookie: PRE 00000050 >463D4944 3D343163 31623832 62633032< F=ID=41c1b82bc02 00000060 >32343063 643A544D 3D313137 36303431< 240cd:TM=1176041 00000070 >3238393A 4C4D3D31 31373630 34313238< 289:LM=117604128 00000080 >393A533D 6C4D5639 6C717A79 47766744< 9:S=lMV9lqzyGvgD 00000090 >4A487233 3B206578 70697265 733D5375< JHr3; expires=Su 000000a0 >6E2C2031 372D4A61 6E2D3230 33382031< n, 17-Jan-2038 1 000000b0 >393A3134 3A303720 474D543B 20706174< 9:14:07 GMT; pat 000000c0 >683D2F3B 20646F6D 61696E3D 2E676F6F< h=/; domain=.goo 000000d0 >676C652E 636F6D0D 0A436F6E 74656E74< gle.com..Content 000000e0 ... >AE874A3B 72041E63 A6B57E7B 2379D052< ..J;r..c..~{#y.R 00000670 >1099D7D0 81675629 D119BF69 85E8BD13< .....gV)...i.... 00000680 >7AD4FC08 31A1236F 9F6D4FE5 9B34730F< z...1.#o.mO..4s. 00000690 >A4240580 BAA3316D B98104FA 70DE6A95< .$....1m....p.j. 000006a0 >6B52365B A131BAB1 834FF892 C319C0E8< kR6[.1...O...... 000006b0 >590DFACC 1874AA44 DD40FD9E F6F52E89< Y....t.D.@...... 000006c0 >AA6DE06E C7B0971B A3EE367C CBA06DDE< .m.n......6|..m. 000006d0 >3BDF7549 355C9EE1 D6D11A39 E1660AAA< ;.uI5\.....9.f.. 000006e0 >BB25A5AA BA9CED4E 264FAE77 6973059A< .%.....N&O.wis.. 000006f0 >61774109 DDDD0A5E CD5DFF5F 409811B8< awA....^.]._@... 00000700 >F20B0000< .... 00000710 [backwarded 1812 bytes] [received request from back with 401 bytes:] >47455420 2F696E74 6C2F656E 5F636F6D< GET /intl/en_com 00000000 >2F696D61 6765732F 6C6F676F 5F706C61< /images/logo_pla 00000010 >696E2E70 6E672048 5454502F 312E310D< in.png HTTP/1.1. 00000020 >0A486F73 743A206C 6F63616C 686F7374< .Host: localhost 00000030 >3A393030 300D0A55 7365722D 4167656E< :9000..User-Agen 00000040 >743A204D 6F7A696C 6C612F35 2E302028< t: Mozilla/5.0 ( 00000050 >57696E64 6F77733B 20553B20 57696E64< Windows; U; Wind 00000060 >6F777320 4E542035 2E313B20 656E2D55< ows NT 5.1; en-U 00000070 >533B2072 763A312E 382E312E 32292047< S; rv:1.8.1.2) G 00000080 >65636B6F 2F323030 37303231 39204669< ecko/20070219 Fi 00000090 >7265666F 782F322E 302E302E 320D0A41< refox/2.0.0.2..A 000000a0 >63636570 743A2069 6D616765 2F706E67< ccept: image/png 000000b0 >2C2A2F2A 3B713D30 2E350D0A 41636365< ,*/*;q=0.5..Acce 000000c0 >70742D4C 616E6775 6167653A 20656E2D< pt-Language: en- 000000d0 >75732C65 6E3B713D 302E372C 64653B71< us,en;q=0.7,de;q 000000e0 >3D302E33 0D0A4163 63657074 2D456E63< =0.3..Accept-Enc 000000f0 >6F64696E 673A2067 7A69702C 6465666C< oding: gzip,defl 00000100 >6174650D 0A416363 6570742D 43686172< ate..Accept-Char 00000110 >7365743A 2049534F 2D383835 392D312C< set: ISO-8859-1, 00000120 >7574662D 383B713D 302E372C 2A3B713D< utf-8;q=0.7,*;q= 00000130 >302E370D 0A4B6565 702D416C 6976653A< 0.7..Keep-Alive: 00000140 >20333030 0D0A436F 6E6E6563 74696F6E< 300..Connection 00000150 >3A206B65 65702D61 6C697665 0D0A5265< : keep-alive..Re 00000160 >66657265 723A2068 7474703A 2F2F6C6F< ferer: http://lo 00000170 >63616C68 6F73743A 39303030 2F0D0A0D< calhost:9000/... 00000180 >0A< . 00000190 [forwarded 401 bytes] [received reply from front:] >48545450 2F312E31 20323030 204F4B0D< HTTP/1.1 200 OK. 00000000 >0A436F6E 74656E74 2D547970 653A2069< .Content-Type: i 00000010 >6D616765 2F706E67 0D0A4C61 73742D4D< mage/png..Last-M 00000020 >6F646966 6965643A 20467269 2C203237< odified: Fri, 27 00000030 >204F6374 20323030 36203031 3A32343A< Oct 2006 01:24: 00000040 >33322047 4D540D0A 45787069 7265733A< 32 GMT..Expires: 00000050 >2053756E 2C203137 204A616E 20323033< Sun, 17 Jan 203 00000060 >38203139 3A31343A 30372047 4D540D0A< 8 19:14:07 GMT.. 00000070 >53657276 65723A20 4757532F 322E310D< Server: GWS/2.1. 00000080 >0A436F6E 74656E74 2D4C656E 6774683A< .Content-Length: 00000090 >20383037 320D0A44 6174653A 2053756E< 8072..Date: Sun 000000a0 >2C203038 20417072 20323030 37203134< , 08 Apr 2007 14 000000b0 >3A30383A 31302047 4D540D0A 0D0A8950< :08:10 GMT.....P 000000c0 >4E470D0A 1A0A0000 000D4948 44520000< NG........IHDR.. 000000d0 >01140000 006E0803 000000D1 601C5800< .....n......`.X. 000000e0 ... >DD625004 2ABE868C BA9EDAEE EEEE8181< .bP.*........... 00001f80 >FD6F9E34 5BAC3286 E1EBD856 A97E2C3F< .o.4[.2....V.~,? 00001f90 >02F626F9 6302606C 4927311B 1B7F7E27< ..&.c.`lI'1...~' 00001fa0 >472AD8FC 0F038387 DEC6741F 37CB5F58< G*........t.7._X 00001fb0 >A0A4D849 D472D8C3 F27A377A B1E1E9C4< ...I.r...z7z.... 00001fc0 >E61936DA F463FC49 C137CD9F 9DC05692< ..6..c.I.7....V. 00001fd0 >CB0AFA62 F26C703A 9D282506 BED3468F< ...b.lp:.(%...F. 00001fe0 >F98727DF 447F8B83 B4D87456 AB4C1856< ..'.D.....tV.L.V 00001ff0 >96C58722 7F861DDC 5C7FA084 32EA49BB< ..."....\...2.I. 00002000 >87A6F1C3 5602ED2C C92D0D85 AC584251< ....V..,.-...XBQ 00002010 >3FF3AA27 FEBECFCD 0B853CAB 2619924C< ?..'......<.&..L 00002020 >401925BB 09281392 F2AF52AB 09498932< @.%..(....R..I.2 00002030 >FE1F842A F6A0483B 998A0000 00004945< ...*..H;......IE 00002040 >4E44AE42 6082< ND.B`. 00002050 [backwarded 8278 bytes] [received request from back with 346 bytes:] >47455420 2F666176 69636F6E 2E69636F< GET /favicon.ico 00000000 >20485454 502F312E 310D0A48 6F73743A< HTTP/1.1..Host: 00000010 >206C6F63 616C686F 73743A39 3030300D< localhost:9000. 00000020 >0A557365 722D4167 656E743A 204D6F7A< .User-Agent: Moz 00000030 >696C6C61 2F352E30 20285769 6E646F77< illa/5.0 (Window 00000040 >733B2055 3B205769 6E646F77 73204E54< s; U; Windows NT 00000050 >20352E31 3B20656E 2D55533B 2072763A< 5.1; en-US; rv: 00000060 >312E382E 312E3229 20476563 6B6F2F32< 1.8.1.2) Gecko/2 00000070 >30303730 32313920 46697265 666F782F< 0070219 Firefox/ 00000080 >322E302E 302E320D 0A416363 6570743A< 2.0.0.2..Accept: 00000090 >20696D61 67652F70 6E672C2A 2F2A3B71< image/png,*/*;q 000000a0 >3D302E35 0D0A4163 63657074 2D4C616E< =0.5..Accept-Lan 000000b0 >67756167 653A2065 6E2D7573 2C656E3B< guage: en-us,en; 000000c0 >713D302E 372C6465 3B713D30 2E330D0A< q=0.7,de;q=0.3.. 000000d0 >41636365 70742D45 6E636F64 696E673A< Accept-Encoding: 000000e0 >20677A69 702C6465 666C6174 650D0A41< gzip,deflate..A 000000f0 >63636570 742D4368 61727365 743A2049< ccept-Charset: I 00000100 >534F2D38 3835392D 312C7574 662D383B< SO-8859-1,utf-8; 00000110 >713D302E 372C2A3B 713D302E 370D0A4B< q=0.7,*;q=0.7..K 00000120 >6565702D 416C6976 653A2033 30300D0A< eep-Alive: 300.. 00000130 >436F6E6E 65637469 6F6E3A20 6B656570< Connection: keep 00000140 >2D616C69 76650D0A 0D0A< -alive.... 00000150 [forwarded 346 bytes] [received reply from front:] >48545450 2F312E31 20323030 204F4B0D< HTTP/1.1 200 OK. 00000000 >0A436F6E 74656E74 2D547970 653A2069< .Content-Type: i 00000010 >6D616765 2F782D69 636F6E0D 0A4C6173< mage/x-icon..Las 00000020 >742D4D6F 64696669 65643A20 5765642C< t-Modified: Wed, 00000030 >20303720 4A756E20 32303036 2031393A< 07 Jun 2006 19: 00000040 >33353A33 3420474D 540D0A45 78706972< 35:34 GMT..Expir 00000050 >65733A20 53756E2C 20313720 4A616E20< es: Sun, 17 Jan 00000060 >32303338 2031393A 31343A30 3720474D< 2038 19:14:07 GM 00000070 >540D0A53 65727665 723A2047 57532F32< T..Server: GWS/2 00000080 >2E310D0A 436F6E74 656E742D 4C656E67< .1..Content-Leng 00000090 >74683A20 31343036 0D0A4461 74653A20< th: 1406..Date: 000000a0 >53756E2C 20303820 41707220 32303037< Sun, 08 Apr 2007 000000b0 >2031343A 30383A31 3020474D 540D0A0D< 14:08:10 GMT... 000000c0 ... >66BAC71F 2D315B23 2F123A10 34227AB9< f...-1[#/.:.4"z. 00000580 >63BEC634 13182314 14273336 571C76C0< c..4..#..'36W.v. 00000590 >499FC826 1631195D 5C283931 4D1A89C4< I..&.1.]\(91M... 000005a0 >549ACE7C 49455E46 4C233C14 523487C1< T..|IE^FL#<.R4.. 000005b0 >3244A0BD 69323F15 4714868C 4B1D7FD1< 2D..i2?.G...K... 000005c0 >2F6792AE D6756A35 6B8DC9B7 652A82D2< /g...uj5k...e*.. 000005d0 >44446279 9BA2BCCB DDB39E93 562184B5< DDby........V!.. 000005e0 >510F3D32 68397173 5A5F4124 1B2C88DC< Q.=2h9qsZ_A$.,.. 000005f0 >A4ACA7A9 AFA5AAA8 B1A6ADAB B6B1B100< ................ 00000600 >00000000 00000000 00000000 00000000< ................ 00000610 >00000000 00000000 00000000 00000000< ................ 00000620 >00000000 00000000 00000000 00000000< ................ 00000630 >00000000 00000000 00000000 000000< ............... 00000640 [backwarded 1615 bytes] |