
Any easy way to monitor HTTP gzipped traffic on a live running Linux system?

I'm running "sudo tcpdump -s 0 -A port 80" on my Linux system to monitor HTTP traffic. This works, but all of the traffic is gzipped. Is there any easy way to un-compress this on the fly so I can watch the traffic in real-time?

SeanLabs asked Feb 05 '16 18:02



1 Answer

Give tcpflow a try. This command is able to do what you want. Excerpt from the man page:

Rather than showing packet-by-packet information, tcpflow reconstructs the actual data streams [...] has a sophisticated plug-in system for decompressing compressed HTTP connections

To have a live view, you would tell tcpflow to write to the console:

tcpflow -c -a port 80
Michael Schaefers answered Oct 01 '22 07:10