August 13, 2013

Dump HTTP requests in transit with tcpdump

Note to self -

tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Handy on haproxy/varnish boxes to see requests/responses in real time for debugging on the fly, as opposed to having to dump to a trace file and analyze it off-server with Wireshark or similar.

