I just got access to the Raspberry Pi, and I configured it to work as a DNS and DHCP server on my home network. This means that all network requests go through it before they are released into the wild ... Which gives me a great opportunity to use tcpdump and see what happens on my network!
I play with tcpdump arguments to create the perfect network spy. The idea is to capture HTTP GET requests.
This is what I have so far, and it is pretty good:
tcpdump -i eth0 'tcp[((tcp[12:1] & 0xf0)>> 2):4] = 0x47455420' -A
-i eth0 tells which interface to listen on.
The quoted bit is a great hexadecimal match for detecting a GET request.
-A means "print the ASCII contents of this packet".
This works every time something on my network sends a GET request, which is great. My question, finally, is: how can I filter out boring requests like images, JavaScript, favicons, etc.?
Is this possible with tcpdump or do I need to upgrade to something more complete, like tshark?
Thanks for any help!
DISCLAIMER: Currently, the only person on my network is me ... This is not evil, this is a technical challenge!
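One way to do the filtering described above, as an added example that is not part of the original post: tcpdump's BPF capture filter works on raw packet bytes and cannot express "not an image", so the practical approach is to keep the poster's filter as-is, line-buffer the output with -l, and do the URL-level filtering in a pipe. The script assumes the poster's interface (eth0) and filter; the helper names, the extension list and the sample packet lines are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the poster's capture
# filter and interface (eth0); the extension list and helper names are mine.

# Static-asset extensions to drop: image, script, style, font and source-map
# files. The trailing group requires a query string, fragment, whitespace or
# end of line right after the extension, so ".js" does not also match ".json".
BORING_EXT='\.(png|jpe?g|gif|ico|svg|webp|css|js|woff2?|ttf|eot|map)([?#;]|[[:space:]]|$)'

# Reads tcpdump -A output on stdin and prints one "GET <path> HTTP/1.x" line
# per request that is not a static asset. -a treats the packet dump as text,
# -o prints only the matched request line (the payload shares its line with
# binary IP/TCP header bytes, so the match is not anchored at column 1), and
# -i on the second grep makes the extension test case-insensitive.
filter_get_requests() {
    grep -aoE 'GET /[^ ]* HTTP/1\.[01]' | grep -viE "$BORING_EXT"
}

# Constructed sample of what tcpdump -A prints for a few plaintext HTTP packets
# (the leading junk imitates header bytes; the trailing '.' is the CR).
sample_capture() {
    printf '%s\n' \
        'E..<..@.@.....GET /index.html HTTP/1.1.' \
        'Host: example.test.' \
        'E..<..@.@.....GET /img/logo.png HTTP/1.1.' \
        'E..<..@.@.....GET /api/items?format=json HTTP/1.1.' \
        'E..<..@.@.....GET /static/app.js?v=3 HTTP/1.1.' \
        'E..<..@.@.....GET /favicon.ico HTTP/1.1.'
}

case "${1:-demo}" in
    live)
        # -l makes tcpdump line-buffered so the pipe sees each request as it arrives.
        sudo tcpdump -i eth0 -l -A 'tcp[((tcp[12:1] & 0xf0)>> 2):4] = 0x47455420' \
            | filter_get_requests
        ;;
    *)
        sample_capture | filter_get_requests
        ;;
esac
```

Run it with no arguments to see the filter applied to the constructed sample (only /index.html and /api/items survive), or with `live` to attach it to the real capture. Two caveats worth knowing: this only ever sees plaintext HTTP, since a GET inside a TLS connection is encrypted on the wire, and an HTTP filter in tshark (`tshark -i eth0 -Y 'http.request.method == "GET"' -T fields -e http.host -e http.request.uri`) gives you the same request lines already parsed, which makes the extension filtering easier if you do decide to upgrade.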