Practical Techniques for HTTP Packet Capture on Linux (Linux HTTP capture)

With the growth of the Internet and advances in modern technology, network traffic data plays an increasingly important role in many areas. Network operators use it for network management and metrics analysis, and the same data is valuable to security personnel. In the network security field, obtaining network data through packet capture is often the most direct way to locate a problem. This article introduces a practical packet capture technique under Linux: the "HTTP Sniffer".

HTTP Sniffer is a tool to capture HTTP packets and display them in detail. It is easy to install and use. To install in Linux, you only need to run the following command:

$ sudo apt-get install hping3

Packet capture works by setting up one or more capture points in the network and using them to record the packets flowing over the network link. Capture can only read unencrypted packets. We can use tshark to capture HTTP requests and responses, but that is limited to a one-time traffic capture. The advantage of Hping3 is that it can often capture multiple HTTP requests from a single client, as long as the client does not time out.

To capture the HTTP requests of a specific website, you must first know the IP address of the website. To get the IP address of a website, run the following command:

$ dig www.example.com +nostats +nocomment +nocmd

Then type the following command to run Hping3:

$ sudo hping3 -q -i u1000 --faster -a 192.168.1.103 -p 80 -S www.example.com

Here the "-a" option indicates the IP address of the target website, "-i u1000" indicates the time interval between each request and response, "-p 80" indicates the HTTP service port, and "-S" makes Hping3 behave like a normal TCP connection.

After Hping3 is running, you can open a browser and access the website to trigger the corresponding HTTP request messages. Then you can use tshark to capture the corresponding packets and analyze their content.

$ tshark -f "host www.example.com" -i eth0 -d tcp.port==80,http

Looking at the captured packet details, you can find the key information of each HTTP request. From there, you can read out the detailed request parameters, response headers, and page content of that request.
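The step of reading request parameters, response headers and page content out of a capture is what the following added example does programmatically; it is not code from the original page or from hping3/tshark. It assumes you have already extracted the plaintext TCP payload of one request and one response (for example from tshark's "Follow TCP Stream" output), and the two byte strings below are constructed samples, not real captured traffic. The parser also flags the common case where the capture stopped before the whole body arrived.

```python
"""Parse HTTP/1.x messages out of captured plaintext TCP payloads.

Added example, not code from the original page. The two byte strings below
are CONSTRUCTED to look like what a capture tool shows for one unencrypted
request/response pair on port 80; they were not captured from a real host.
"""
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: one client request as it appears in the TCP payload.
SAMPLE_REQUEST = (
    b"GET /search?q=linux&page=2 HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

# Constructed sample: the server's reply; the body is sized by Content-Length.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"Server: example\r\n"
    b"\r\n"
    b"<html><body>ok</body></html>"
)


def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into start line, headers and body.

    Returns a dict. 'complete' is False when the capture ended before
    Content-Length bytes of body had arrived (a partial capture).
    Header names are lower-cased so lookups do not depend on the sender's casing.
    """
    head, sep, body_bytes = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of headers not found; capture is truncated")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0]
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()

    msg = {"headers": headers}
    if start.startswith("HTTP/"):
        # Response: "HTTP/1.1 200 OK" (reason phrase may be absent).
        parts = start.split(" ", 2)
        msg["kind"] = "response"
        msg["version"] = parts[0]
        msg["status"] = int(parts[1])
        msg["reason"] = parts[2] if len(parts) > 2 else ""
    else:
        # Request: "GET /path?query HTTP/1.1"
        parts = start.split(" ")
        if len(parts) != 3:
            raise ValueError(f"malformed request line: {start!r}")
        method, target, version = parts
        url = urlsplit(target)
        msg["kind"] = "request"
        msg["method"] = method
        msg["target"] = target
        msg["path"] = url.path
        msg["query"] = dict(parse_qsl(url.query, keep_blank_values=True))
        msg["version"] = version

    # Body: trust Content-Length only as far as the captured bytes go.
    length = int(headers.get("content-length", "0"))
    msg["body"] = body_bytes[:length]
    msg["complete"] = len(body_bytes) >= length
    return msg


def summarize_exchange(req_raw: bytes, resp_raw: bytes) -> str:
    """One-line summary of a request/response pair, like a proxy log entry."""
    req = parse_http_message(req_raw)
    resp = parse_http_message(resp_raw)
    host = req["headers"].get("host", "?")
    ctype = resp["headers"].get("content-type", "?")
    flag = "" if resp["complete"] else " [truncated]"
    return (f"{req['method']} {host}{req['target']} -> "
            f"{resp['status']} {ctype} ({len(resp['body'])} bytes){flag}")


if __name__ == "__main__":
    print(summarize_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE))
    print(parse_http_message(SAMPLE_REQUEST)["query"])
```

Because the parser works on bytes it needs the plaintext stream, which is exactly the limitation the article states: TLS-protected traffic on port 443 yields no readable request line or headers, so this kind of analysis only applies to unencrypted HTTP on port 80.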

In conclusion, gaining access to network traffic data via packet capture has many applications in many fields and is extremely useful. In this article, we have introduced the "HTTP Sniffer" under Linux, which is easy to use. Specifically, we have described how to perform network packet capture under Linux and guided readers on how to interpret and analyze the captured HTTP packet messages.
