When you’re debugging a tough problem you sometimes need to analyze the HTTP traffic flowing between your machine and a webserver or proxy. Sometimes you can use firebug or chrome inspector for that. But here’s a lowlevel alternative that I’m pretty excited about. Meet Tshark.
Because it’s low level, it will run nicely in a separate console. And it will catch any request. That can be useful when you want to find out what 3rd party apps are communicating. In my case it was a Flash app that we assumed didn’t respect some redirect headers while downloading static files. Since it had it’s own HTTP implementation, firebug was unable to shed any light on the matter.
I knew tcpdump but was never really happy with it. And then I found TShark.
On Ubuntu I typed:
But I found implementations for other systems as well.
Sniff HTTP requests
Tshark can analyze any kind of network traffic, but in my case I was particularly helped by a command I found on stackoverflow:
Run that, and browsing to google will dump:
1 2 3 4
Nice and clean.
The above was all I needed, but I soon found examples that demonstrate some other capabilites.
Count GIF images based on content type
The command below counts the number of GIF images downloaded through HTTP (from codealias):
1 2 3 4
Log all POP users
The command below captures all port 110 traffic and filters out the ‘user’ command and saves it to a text file (from Mark’s notes):
Log HTTP request / receive headers
One from superuser
Ok that’s it for now. If you have some juicy tshark commands yourself, just post a comment and I’ll update the article.
These were imported from my old blog. Please use disqus below for new comments