If I run zsh inside bash (on macOS Sierra), why does $SHELL still point to /bin/bash, rather then /bin/zsh?
$ echo $SHELL
/bin/bash
$ zsh
% echo $SHELL
/bin/bash
I'm trying to use tcpick to log http data in unique files (client and server mixed together). This is one of the examples from tcpick's man page:
$ tcpick -i eth0 "port 80" -wRub
I expected this to write the tcp stream to a file named <ip_client>_<ip_server>_<port_server>.tcpick, but it seems that no file gets written at all.
Does anyone have an explanation for this? I'm running tcpick 0.2.1 on Ubuntu 12.04.1 LTS.
To monitor HTTP traffic between a server and a web server, I'm currently using tcpdump. This works fine, but I'd like to get rid of some superfluous data in the output (I know about tcpflow and wireshark, but they're not readily available in my environment).
From the tcpdump man page:
To print all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets.
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
This command
sudo tcpdump -A 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
provides the following output:
19:44:03.529413 IP 192.0.32.10.http > 10.0.1.6.52369: Flags [P.], seq 918827135:918827862, ack 351213824, win 4316, options [nop,nop,TS val 4093273405 ecr 869959372], length 727
E.....@....... ....P..6.0.........D...... __..e=3...__HTTP/1.1 200 OK Server: Apache/2.2.3 (Red Hat) Content-Type: text/html; charset=UTF-8 Date: Sat, 14 Nov 2009 18:35:22 GMT Age: 7149
Content-Length: 438<HTML> <HEAD> <TITLE>Example Web Page</TITLE> </HEAD> <body>
<p>You have reached this web page ...</p> </BODY> </HTML>
This is nearly perfect, except for the highlighted part. What is this, end -- more importantly -- how do I get rid of it? Maybe it's just a little tweak to the expression at the end of the command?