
tcpdump HTTPリクエストヘッダの出力

2015年10月19日

# tcpdump -i eth0 port 80 -Xns 1000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 1000 bytes
16:28:11.574091 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [S], seq 2155308325, win 65535, options [mss 1304,nop,nop,sackOK], length 0
        0x0000:  4500 0030 c790 4000 7606 83f2 3dc2 39fa  E..0..@.v...=.9.
        0x0010:  85f2 bb96 67e3 0050 8077 6525 0000 0000  ....g..P.we%....
        0x0020:  7002 ffff 7ca6 0000 0204 0518 0101 0402  p...|...........
16:28:11.574152 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [S.], seq 28297922, ack 2155308326, win 14600, options [mss 1460,nop,nop,sackOK], length 0
        0x0000:  4500 0030 0000 4000 4006 8183 85f2 bb96  E..0..@.@.......
        0x0010:  3dc2 39fa 0050 67e3 01af cac2 8077 6526  =.9..Pg......we&
        0x0020:  7012 3908 767f 0000 0204 05b4 0101 0402  p.9.v...........
16:28:11.595974 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [.], ack 1, win 65535, length 0
        0x0000:  4500 0028 c791 4000 7606 83f9 3dc2 39fa  E..(..@.v...=.9.
        0x0010:  85f2 bb96 67e3 0050 8077 6526 01af cac3  ....g..P.we&....
        0x0020:  5010 ffff dc4b 0000                      P....K..
16:28:11.597050 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [P.], seq 1:1102, ack 1, win 65535, length 1101
        0x0000:  4500 0475 c792 4000 7606 7fab 3dc2 39fa  E..u..@.v...=.9.
        0x0010:  85f2 bb96 67e3 0050 8077 6526 01af cac3  ....g..P.we&....
        0x0020:  5018 ffff d121 0000 504f 5354 202f 3264  P....!..POST./2d
        0x0030:  6f77 696b 692f 7770 2d61 646d 696e 2f61  owiki/wp-admin/a
        0x0040:  646d 696e 2d61 6a61 782e 7068 7020 4854  dmin-ajax.php.HT
        0x0050:  5450 2f31 2e31 0d0a 486f 7374 3a20 7777  TP/1.1..Host:.ww
        0x0060:  772e 7761 6b61 7565 2e69 6e66 6f0d 0a55  w.wakaue.info..U
        0x0070:  7365 722d 4167 656e 743a 204d 6f7a 696c  ser-Agent:.Mozil
        0x0080:  6c61 2f35 2e30 2028 5769 6e64 6f77 7320  la/5.0.(Windows.
        0x0090:  4e54 2035 2e31 3b20 7276 3a32 322e 3029  NT.5.1;.rv:22.0)
        0x00a0:  2047 6563 6b6f 2f32 3031 3030 3130 3120  .Gecko/20100101.
        0x00b0:  4669 7265 666f 782f 3232 2e30 0d0a 4163  Firefox/22.0..Ac
        0x00c0:  6365 7074 3a20 6170 706c 6963 6174 696f  cept:.applicatio
        0x00d0:  6e2f 6a73 6f6e 2c20 7465 7874 2f6a 6176  n/json,.text/jav
        0x00e0:  6173 6372 6970 742c 202a 2f2a 3b20 713d  ascript,.*/*;.q=
        0x00f0:  302e 3031 0d0a 4163 6365 7074 2d4c 616e  0.01..Accept-Lan
        0x0100:  6775 6167 653a 206a 612c 656e 2d75 733b  guage:.ja,en-us;
        0x0110:  713d 302e 372c 656e 3b71 3d30 2e33 0d0a  q=0.7,en;q=0.3..
        0x0120:  4163 6365 7074 2d45 6e63 6f64 696e 673a  Accept-Encoding:
        0x0130:  2067 7a69 702c 2064 6566 6c61 7465 0d0a  .gzip,.deflate..
        0x0140:  436f 6e74 656e 742d 5479 7065 3a20 6170  Content-Type:.ap
        0x0150:  706c 6963 6174 696f 6e2f 782d 7777 772d  plication/x-www-
        0x0160:  666f 726d 2d75 726c 656e 636f 6465 643b  form-urlencoded;
        0x0170:  2063 6861 7273 6574 3d55 5446 2d38 0d0a  .charset=UTF-8..
        0x0180:  582d 5265 7175 6573 7465 642d 5769 7468  X-Requested-With
        0x0190:  3a20 584d 4c48 7474 7052 6571 7565 7374  :.XMLHttpRequest
        0x01a0:  0d0a 5265 6665 7265 723a 2068 7474 703a  ..Referer:.http:
        0x01b0:  2f2f 7777 772e 7761 6b61 7565 2e69 6e66  //www.wakaue.inf
        0x01c0:  6f2f 3264 6f77 696b 692f 0d0a 436f 6e74  o/2dowiki/..Cont
        0x01d0:  656e 742d 4c65 6e67 7468 3a20 3135 0d0a  ent-Length:.15..
        0x01e0:  436f 6f6b 6965 3a20 7770 2d73 6574 7469  Cookie:.wp-setti
        0x01f0:  6e67 732d 313d 6564 6974 6f72 2533 4468  ngs-1=editor%3Dh
        0x0200:  746d 6c25 3236 6c69 6272 6172 7943 6f6e  tml%26libraryCon
        0x0210:  7465 6e74 2533 4462 726f 7773 6525 3236  tent%3Dbrowse%26
        0x0220:  756e 666f 6c64 2533 4431 3b20 7770 2d73  unfold%3D1;.wp-s
        0x0230:  6574 7469 6e67 732d 7469 6d65 2d31 3d31  ettings-time-1=1
        0x0240:  3337 3633 3738 3732 393b 2077 6f72 6470  376378729;.wordp
        0x0250:  7265 7373 5f74 6573 745f 636f 6f6b 6965  ress_test_cookie
        0x0260:  3d57 502b 436f 6f6b 6965 2b63 6865 636b  =WP+Cookie+check
        0x0270:  3b20 776f 7264 7072 6573 735f 6c6f 6767  ;.wordpress_logg
        0x0280:  6564 5f69 6e5f 3830 3361 6665 6338 3736  ed_in_803afec876
        0x0290:  6463 3032 3263 3663 6430 6465 3465 3262  dc022c6cd0de4e2b
        0x02a0:  3630 3036 3534 3d75 656b 6177 615f 6164  600654=uekawa_ad
        0x02b0:  6d69 6e25 3743 3133 3736 3532 3733 3831  min%7C1376527381
        0x02c0:  2537 4330 6334 3530 6434 6334 3937 3639  %7C0c450d4c49769
        0x02d0:  3439 3935 6236 3663 3430 3265 3532 3333  4995b66c402e5233
        0x02e0:  6535 393b 205f 5f75 746d 613d 3131 3432  e59;.__utma=1142
        0x02f0:  3739 3136 392e 3236 3033 3339 3737 342e  79169.260339774.
        0x0300:  3133 3735 3637 3630 3638 2e31 3337 3630  1375676068.13760
        0x0310:  3135 3739 302e 3133 3736 3033 3133 3530  15790.1376031350
        0x0320:  2e37 3b20 5f5f 7574 6d7a 3d31 3134 3237  .7;.__utmz=11427
        0x0330:  3931 3639 2e31 3337 3536 3736 3036 382e  9169.1375676068.
        0x0340:  312e 312e 7574 6d63 7372 3d28 6469 7265  1.1.utmcsr=(dire
        0x0350:  6374 297c 7574 6d63 636e 3d28 6469 7265  ct)|utmccn=(dire
        0x0360:  6374 297c 7574 6d63 6d64 3d28 6e6f 6e65  ct)|utmcmd=(none
        0x0370:  293b 204e 696e 6a61 4163 6365 7373 5573  );.NinjaAccessUs
        0x0380:  6572 3030 3138 3139 3438 3d31 3337 3630  er00181948=13760
        0x0390:  3331 3335 3234 3831 2532 3031 3337 3536  31352481%2013756
        0x03a0:  3736 3036 3738 3139 2532 3031 3337 3630  76067819%2013760
        0x03b0:  3331 3335 3234 3831 2532 3031 3225 3230  31352481%2012%20
        0x03c0:  373b 205f 6761 3d47 4131 2e32            7;._ga=GA1.2
16:28:11.597143 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [.], ack 1102, win 16515, length 0
        0x0000:  4500 0028 1644 4000 4006 6b47 85f2 bb96  E..(.D@.@.kG....
        0x0010:  3dc2 39fa 0050 67e3 01af cac3 8077 6973  =.9..Pg......wis
        0x0020:  5010 4083 977b 0000                      P.@..{..
16:28:11.597663 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [P.], seq 1:578, ack 1102, win 16515, length 577
        0x0000:  4500 0269 1645 4000 4006 6905 85f2 bb96  E..i.E@.@.i.....
        0x0010:  3dc2 39fa 0050 67e3 01af cac3 8077 6973  =.9..Pg......wis
        0x0020:  5018 4083 bba0 0000 4854 5450 2f31 2e31  P.@.....HTTP/1.1
        0x0030:  2034 3034 204e 6f74 2046 6f75 6e64 0d0a  .404.Not.Found..
        0x0040:  4461 7465 3a20 5475 652c 2031 3320 4175  Date:.Tue,.13.Au
        0x0050:  6720 3230 3133 2030 373a 3238 3a31 3120  g.2013.07:28:11.
        0x0060:  474d 540d 0a53 6572 7665 723a 2041 7061  GMT..Server:.Apa
        0x0070:  6368 650d 0a43 6f6e 7465 6e74 2d4c 656e  che..Content-Len
        0x0080:  6774 683a 2034 3133 0d0a 436f 6e6e 6563  gth:.413..Connec
        0x0090:  7469 6f6e 3a20 636c 6f73 650d 0a43 6f6e  tion:.close..Con
        0x00a0:  7465 6e74 2d54 7970 653a 2074 6578 742f  tent-Type:.text/
        0x00b0:  6874 6d6c 3b20 6368 6172 7365 743d 6973  html;.charset=is
        0x00c0:  6f2d 3838 3539 2d31 0d0a 0d0a 3c21 444f  o-8859-1....<!DO
        0x00d0:  4354 5950 4520 4854 4d4c 2050 5542 4c49  CTYPE.HTML.PUBLI
        0x00e0:  4320 222d 2f2f 4945 5446 2f2f 4454 4420  C."-//IETF//DTD.
        0x00f0:  4854 4d4c 2032 2e30 2f2f 454e 223e 0a3c  HTML.2.0//EN">.<
        0x0100:  6874 6d6c 3e3c 6865 6164 3e0a 3c74 6974  html><head>.<tit
        0x0110:  6c65 3e34 3034 204e 6f74 2046 6f75 6e64  le>404.Not.Found
        0x0120:  3c2f 7469 746c 653e 0a3c 2f68 6561 643e  </title>.</head>
        0x0130:  3c62 6f64 793e 0a3c 6831 3e4e 6f74 2046  <body>.<h1>Not.F
        0x0140:  6f75 6e64 3c2f 6831 3e0a 3c70 3e54 6865  ound</h1>.<p>The
        0x0150:  2072 6571 7565 7374 6564 2055 524c 202f  .requested.URL./
        0x0160:  3264 6f77 696b 692f 7770 2d61 646d 696e  2dowiki/wp-admin
        0x0170:  2f61 646d 696e 2d61 6a61 782e 7068 7020  /admin-ajax.php.
        0x0180:  7761 7320 6e6f 7420 666f 756e 6420 6f6e  was.not.found.on
        0x0190:  2074 6869 7320 7365 7276 6572 2e3c 2f70  .this.server.</p
        0x01a0:  3e0a 3c70 3e41 6464 6974 696f 6e61 6c6c  >.<p>Additionall
        0x01b0:  792c 2061 2034 3034 204e 6f74 2046 6f75  y,.a.404.Not.Fou
        0x01c0:  6e64 0a65 7272 6f72 2077 6173 2065 6e63  nd.error.was.enc
        0x01d0:  6f75 6e74 6572 6564 2077 6869 6c65 2074  ountered.while.t
        0x01e0:  7279 696e 6720 746f 2075 7365 2061 6e20  rying.to.use.an.
        0x01f0:  4572 726f 7244 6f63 756d 656e 7420 746f  ErrorDocument.to
        0x0200:  2068 616e 646c 6520 7468 6520 7265 7175  .handle.the.requ
        0x0210:  6573 742e 3c2f 703e 0a3c 6872 3e0a 3c61  est.</p>.<hr>.<a
        0x0220:  6464 7265 7373 3e41 7061 6368 6520 5365  ddress>Apache.Se
        0x0230:  7276 6572 2061 7420 7777 772e 7761 6b61  rver.at.www.waka
        0x0240:  7565 2e69 6e66 6f20 506f 7274 2038 303c  ue.info.Port.80<
        0x0250:  2f61 6464 7265 7373 3e0a 3c2f 626f 6479  /address>.</body
        0x0260:  3e3c 2f68 746d 6c3e 0a                   ></html>.
16:28:11.597719 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [F.], seq 578, ack 1102, win 16515, length 0
        0x0000:  4500 0028 1646 4000 4006 6b45 85f2 bb96  E..(.F@.@.kE....
        0x0010:  3dc2 39fa 0050 67e3 01af cd04 8077 6973  =.9..Pg......wis
        0x0020:  5011 4083 9539 0000                      P.@..9..
16:28:11.619786 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [.], ack 579, win 64958, length 0
        0x0000:  4500 0028 c795 4000 7606 83f5 3dc2 39fa  E..(..@.v...=.9.
        0x0010:  85f2 bb96 67e3 0050 8077 6973 01af cd05  ....g..P.wis....
        0x0020:  5010 fdbe d7fd 0000                      P.......
16:28:11.619811 IP 64.122.133.210.26595 > 13.222.111.110.http: Flags [F.], seq 1102, ack 579, win 64958, length 0
        0x0000:  4500 0028 c798 4000 7606 83f2 3dc2 39fa  E..(..@.v...=.9.
        0x0010:  85f2 bb96 67e3 0050 8077 6973 01af cd05  ....g..P.wis....
        0x0020:  5011 fdbe d7fc 0000                      P.......
16:28:11.619827 IP 13.222.111.110.http > 64.122.133.210.26595: Flags [.], ack 1103, win 16515, length 0
        0x0000:  4500 0028 1647 4000 4006 6b44 85f2 bb96  E..(.G@.@.kD....
        0x0010:  3dc2 39fa 0050 67e3 01af cd05 8077 6974  =.9..Pg......wit
        0x0020:  5010 4083 9538 0000                      P.@..8..
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

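リクエストヘッダが平文のまま見える。上の例では Cookie ヘッダに WordPress のログイン Cookie(wordpress_logged_in_…)も含まれており、HTTP のままでは経路上でキャプチャできる相手に認証情報まで読まれてしまう。キャプチャ結果を共有・公開するときは、テキスト行だけでなく 16 進ダンプ側に残る IP アドレスや Cookie もマスクすること。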
オプション

-i   監視するLANインタフェースを指定する。
-X  16進で表示する際に、ASCII文字も表示する。
port キャプチャ対象のポートを指定する(オプションではなくフィルタ式)。
-n   IPアドレスやポート番号などを名前に変換せずに表示する。ただし上の出力ではポートが「http」と名前で表示されており、この環境でポート番号も数値で表示するには -nn が必要と思われる。
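-s   1パケットあたりに取得する最大バイト数(スナップ長)を指定する。上の例では 1000 を指定しているため、length 1101 のリクエストは Cookie ヘッダの途中で切れている。パケット全体を取得したい場合は -s 0 を指定する。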