tcpdump

Andy Green andy at warmcat.com
Mon Apr 23 22:53:23 UTC 2007


David G. Miller wrote:
> Aly Dharshi <aly.dharshi at telus.net> wrote:
> 
>> Hello Kaushal, I hope that you are well.
>>
>> tcpdump -i ethX port 80
>>
>> Where X would be a number so eth0 or eth1, you can also refine this with
>> "src port" and "dst port" expressions, have you tried using wireshark
>> instead if you are using an X system?
>>
>> Cheers, Aly.
>>
>> Kaushal Shriyan wrote:
>>> Hi
>>> How do I capture http request and response using tcpdump
>>> Thanks and Regards
>>> Kaushal
>
> This approach only captures the HTTP requests.  It will not capture the 
> response since the response will not be through port 80; the response to 
> a request will be to some randomly assigned, non-privileged port.

That is not so: tcpdump's "port" parameter matches if the port appears 
on the source OR destination.  And although an ephemeral port is used on 
the receive side, it is sent from the web server using port 80, and so 
matches the tcpdump filter.  Give it a try.

-Andy
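
The matching rule described in the reply above, as an added example that is not part of the original post: a small Python model of the `port`, `src port` and `dst port` qualifiers applied to two constructed IPv4/TCP packets (one request, one response). The addresses, the ephemeral port 49152 and all function names are assumptions made for illustration, and only TCP over IPv4 is modelled.

```python
import struct

def build_ipv4_tcp(src_ip, dst_ip, sport, dport):
    """Build a constructed 20-byte IPv4 header plus 20-byte TCP header (no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp

def tcp_ports(packet):
    """Return (source port, destination port), or None if not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if len(packet) < ihl + 4:
        return None
    return struct.unpack("!HH", packet[ihl:ihl + 4])

def matches(packet, qualifier, port):
    """Model of the 'port N', 'src port N' and 'dst port N' filter primitives."""
    ports = tcp_ports(packet)
    if ports is None:
        return False
    sport, dport = ports
    if qualifier == "src port":
        return sport == port
    if qualifier == "dst port":
        return dport == port
    if qualifier == "port":               # source OR destination
        return port in (sport, dport)
    raise ValueError("unknown qualifier: " + qualifier)

# Constructed sample traffic: client ephemeral port 49152, web server port 80.
SAMPLES = {
    "request":  build_ipv4_tcp("192.0.2.10", "198.51.100.5", 49152, 80),
    "response": build_ipv4_tcp("198.51.100.5", "192.0.2.10", 80, 49152),
}

def filter_results(port=80):
    """Map each qualifier to the names of the sample packets it matches."""
    return {q: [name for name, pkt in SAMPLES.items() if matches(pkt, q, port)]
            for q in ("port", "src port", "dst port")}

if __name__ == "__main__":
    for qualifier, hits in filter_results().items():
        print(qualifier, "80 ->", hits)
```
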




