I would like to view the HTTP headers sent from Apache (listening on port 80) to Tomcat (on port 4080) in a Linux machine.
According to Wikipedia,
Header fields are colon-separated name-value pairs in clear-text string format.
I've tried some variations of the following tcpdump command:
$ sudo tcpdump -lnX dst port 4080 -c 10
11:29:28.605894 IP SOME_IP.33273 > SOME_IP.4080: P 0:49(49) ack 1 win 23 <nop,nop,timestamp 1191760962 509391143>
0x0000: 4500 0065 3a9f 4000 3f06 0084 628a 9ec4 E..e:.@.?...b...
0x0010: 628a 9c97 81f9 0ff0 9e87 eee0 144b 90e1 b............K..
0x0020: 8018 0017 fb43 0000 0101 080a 4708 d442 .....C......G..B
0x0030: 1e5c b127 4845 4144 202f 6461 7070 6572 .\.'HEAD./dapper
0x0040: 5f73 6572 7669 6e67 2f41 644d 6f6e 6b65 _serving/AdMonke
0x0050: 793f y?
The result was always the same - a strange mix of gibberish and English words (e.g. HEAD).
How can I view the headers in a human-readable format?
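Added example (not part of the original question or answers): the dump above looks like gibberish because its first bytes are the binary IPv4 and TCP headers, with the HTTP text starting only after them. This Python code rebuilds the bytes from the hex column, skips both headers using their own length fields, and reports how much of the payload the capture cut off, which is what the `-s 0` option mentioned in the answers addresses. The function names are hypothetical, and the embedded dump is the question's own with tcpdump's usual column spacing restored.

```python
import re
import struct

# Hex dump copied from the question's `tcpdump -X` output. tcpdump has already
# stripped the link-layer header, so the bytes start at the IPv4 header.
DUMP = r"""
0x0000:  4500 0065 3a9f 4000 3f06 0084 628a 9ec4  E..e:.@.?...b...
0x0010:  628a 9c97 81f9 0ff0 9e87 eee0 144b 90e1  b............K..
0x0020:  8018 0017 fb43 0000 0101 080a 4708 d442  .....C......G..B
0x0030:  1e5c b127 4845 4144 202f 6461 7070 6572  .\.'HEAD./dapper
0x0040:  5f73 6572 7669 6e67 2f41 644d 6f6e 6b65  _serving/AdMonke
0x0050:  793f                                     y?
"""

# Offset label, then at most eight hex groups; the ASCII column is never reached.
HEX_COLUMN = re.compile(r"\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?){1,8})")


def dump_to_bytes(dump):
    """Rebuild the captured bytes from the hex column, ignoring the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_COLUMN.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def tcp_payload(packet):
    """Return (payload, missing): captured TCP payload and bytes lost to truncation."""
    version_ihl, _, total_len = struct.unpack_from("!BBH", packet, 0)
    if version_ihl >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip_hlen = (version_ihl & 0x0F) * 4          # IHL is counted in 32-bit words
    tcp_hlen = (packet[ip_hlen + 12] >> 4) * 4  # TCP data offset, also in words
    start = ip_hlen + tcp_hlen
    payload = packet[start:total_len]           # slice stops early if truncated
    return payload, (total_len - start) - len(payload)


if __name__ == "__main__":
    data, missing = tcp_payload(dump_to_bytes(DUMP))
    print(data.decode("latin-1"))
    print(f"{missing} payload bytes were not captured")
```

The 49 payload bytes computed from the IP total length match the `0:49(49)` in the tcpdump summary line; only 30 of them are present in the dump.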
Here's a one-liner I came up with for displaying request and response HTTP headers using tcpdump (which should work for your case too):
It cuts the packet off at 10Kb and only knows GET, POST and HEAD commands, but that should be enough in the majority of cases.
EDIT: modified it to get rid of the buffers at every step to make it more responsive. Needs Perl and stdbuf now though, so use the original version if you don't have those:
EDIT: Changed script port targets from 80 to 4080, to actually listen for traffic that went through Apache already, instead of direct outside traffic arriving to port 80:
Some explanations:
You can get something close to what you want by using -A, e.g.
Remember to use -s 0 to make sure you get the whole packet.
Alternatively you could use Wireshark to view the headers interactively.
Try to use http://justniffer.sourceforge.net/. It is a better tool, or Wireshark with the "Follow TCP Flow" option; there are just many better options than tcpdump to see headers (requests/responses).