I'm running "sudo tcpdump -s 0 -A port 80" on my Linux system to monitor HTTP traffic. This works, but all of the traffic is gzipped. Is there any easy way to un-compress this on the fly so I can watch the traffic in real-time?
The manual lists a few workarounds for the missing gzdecode() #82930, or just use the one from upgradephp, or the gzopen temp file workaround. Another option would be forcing the deflate encoding with the Accept-Encoding: header and then using gzinflate() for decompression.
Using gzip on the Web
When a browser with gzip support sends a request, it adds “gzip” to its Accept-Encoding header. When the web server receives the request, it generates the response as normal, then checks the Accept-Encoding header to determine how to encode the response.
You should gzip your content because: it is very easy to do; it saves you bandwidth (which could save you money); it will make your site faster.
Give tcpflow a try. This command is able to do what you want. Excerpt from man page:
Rather than showing packet-by-packet information, tcpflow reconstructs the actual data streams [...] has a sophisticated plug-in system for decompressing compressed HTTP connections
To have a live view, you would tell tcpflow to write to the console:
tcpflow -c -a port 80