Sniffing the Wire - HTTP Debugging the easy and hard way

If you work in web services for any length of time, eventually you'll need to sniff the packets that are flowing and figure out what [insert framework of choice] is doing to your precious data.

Fear not, there is an easy way. For the sadists, there is also a hard way.

Read on, I'll show you both.

YATT is amazing. It's everything you need, nothing you don't. It's just for HTTP, which is great. It has URL filters, which is great. It's fast, thin, and STUPID simple. Great.

Download it. I'd get a newer version of WinPCap, especially if you're on a 64-bit box or Windows 7.

How To Use:

  1. Skip this section; it literally has 4 options.
  2. Still here? Fine. File->Start Trace
  3. Select WinPCap Capture
  4. Select your IP/Interface
  5. Type in a filter (e.g. www.example.com) or leave it blank
  6. Select the port you're talking on (Hint: 80). YATT is a plaintext sniffer: point it at an HTTPS port and you'll see the TLS handshake, not your requests.


The Hard Way

Use this if:

  • You're on a remote headless Unix/Linux system
  • You don't want to install Windows
  • You can't run Wireshark on the box that has the traffic, but have it installed somewhere else

Get Wireshark, and make sure you have tcpdump on the remote system.

  1. On the system that is sending/receiving the packets, run this as root (-s 65535 captures whole packets instead of just the first few bytes; append a filter such as port 80, and -i <interface> if the box has more than one, to keep the file small):
          #  tcpdump -s 65535 -w /someplace/tcpdump.out
  2. Now, make some traffic.
  3. Ctrl-C tcpdump.
  4. Copy the file (scp works) to the box that has Wireshark on it.
  5. In Wireshark, File->Open tcpdump.out
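If you want to see what YATT and Wireshark are actually doing with that tcpdump.out, here is a small Python script that does it by hand. This is an added example for this post, not code from YATT, tcpdump or Wireshark: it reads the classic libpcap format that tcpdump -w writes, walks Ethernet -> IPv4 -> TCP, and lists the HTTP request lines for a given port and hostname filter (the same two knobs YATT gives you). The capture it parses is constructed inside the script so it runs offline; the addresses, hostnames and paths in it are made up.

```python
"""Pull HTTP request lines out of a tcpdump capture, the way YATT or Wireshark
would show them, using only the standard library.

Added example for this post, not code from YATT, tcpdump or Wireshark. It
understands the classic libpcap format that `tcpdump -w` writes (not pcapng),
Ethernet link type only, IPv4 only, and does no TCP stream reassembly.
"""
import struct
from typing import Iterator, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4   # libpcap magic as read on a little-endian host
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def read_pcap(data: bytes) -> Iterator[bytes]:
    """Yield the raw bytes of each captured frame in an in-memory pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file (pcapng is not supported)")
    offset = 24                                  # skip the 24-byte global header
    while offset + 16 <= len(data):
        # per-record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def tcp_payload(frame: bytes) -> Optional[Tuple[str, int, int, bytes]]:
    """Return (dst_ip, src_port, dst_port, payload) for an Ethernet/IPv4/TCP frame,
    or None for anything else (ARP, IPv6, UDP, ...)."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[9] != IPPROTO_TCP:
        return None
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", ip, 2)[0]
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]                      # slice off any Ethernet trailer padding
    src_port, dst_port = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    return dst_ip, src_port, dst_port, tcp[data_off:]


def http_requests(pcap: bytes, port: int = 80, host_filter: str = "") -> List[str]:
    """List 'METHOD path version (Host: h)' for each request sent to `port`,
    optionally keeping only requests whose Host header contains `host_filter`."""
    found: List[str] = []
    for frame in read_pcap(pcap):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        _, _, dst_port, payload = parsed
        if dst_port != port or not payload:      # responses and other ports are skipped
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
        lines = head.split("\r\n")
        host = next((ln.split(":", 1)[1].strip() for ln in lines[1:]
                     if ln.lower().startswith("host:")), "")
        if host_filter and host_filter not in host:
            continue
        found.append(f"{lines[0]} (Host: {host})")
    return found


# --- constructed sample capture (made-up addresses, hosts and paths) ---------

def build_frame(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Ethernet + IPv4 + TCP (no options, checksums left at zero) around `payload`."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return eth + ip + tcp


def build_pcap(frames: List[bytes]) -> bytes:
    """Global header (version 2.4, snaplen 65535, Ethernet) followed by one record per frame."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


SAMPLE_PCAP = build_pcap([
    build_frame(b"GET /api/items HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n", 51000, 80),
    build_frame(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n[]", 80, 51000),        # response
    build_frame(b"POST /login HTTP/1.1\r\nHost: intranet.local\r\nContent-Length: 0\r\n\r\n", 51001, 80),
    build_frame(b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", 51002, 8080),      # other port
])

if __name__ == "__main__":
    for line in http_requests(SAMPLE_PCAP, port=80, host_filter="example.com"):
        print(line)
```

To run it against a real capture, swap SAMPLE_PCAP for open("tcpdump.out", "rb").read(). It treats each frame on its own, so a request whose headers straddle two TCP segments comes out truncated; that reassembly is what Wireshark's Follow TCP Stream does for you, and it is the main reason to reach for the real tool once you've seen what is inside the file.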




Posted by Dustin Hawkins at 16:15


Comments

hi!!!
#1 Heecy on 2012-02-09 02:03
