Tcpdump print only urls

Question

Tcpdump print only urls

Is there any way to do

tcpdump -i lo -A

and print all urls, any connections made?

I did:

 sudo tcpdump -i lo -A | grep Host:

which works great. But I was wondering if there are options to do the same in tcpdump

Finally, is there a way to do this in python without using the sys or Popen / subprocess command

+6

python tcpdump

Cripto Jul 17 '13 at 21:14

source share

3 answers

tcpdump cannot filter based on the contents of packets (without deep packet inspection), since it uses only the pcacp filter. You can improve your performance only by dropping these packets for incoming TCP connections to your HTTP port .

 tcpdump -i lo -A tcp port 80

TCPDUMP python: use Pcapy

Another option is to use tshark

+2

Dennis Jul 26 '13 at 11:21

source share

What you want to use is libpcap, which is the packet capture library that tcpdump uses. There is a python shell for this, which can be found here .

In python, you can create any filtering you want on top of the filter already provided by pcap / tcpdump. Then display this filtered output (or whatever you do in your python script).

+1

dave Jul 28 '13 at 4:31

source share

raf10x · Accepted Answer · 2013-07-22T12:07:41+0000

you can use scapy sniff function and use regex or grep

 import scapy tcpdump = sniff(count=5,filter="host 64.233.167.99",prn=lambda x:x.summary()) print tcpdump

change the filter for your filter text :)

or maybe you want to save traffic and see it in wirehark

 wrpcap("temp.cap",pkts)

Tcpdump print only urls

More articles: