tcpdump to only print urls

python tcpdump
Cripto picture Cripto · Jul 17, 2013 · Viewed 14.5k times · Source

Is there a way to do

tcpdump -i lo -A

and have it print all urls, any connections made?

I have done:

sudo tcpdump -i lo -A | grep Host:

which works great. But I was wondering if there are options to do the same in tcpdump

Finally, is there a way to do this in python without using a sys command or Popen/subprocess

Answer

Dennis Guse picture Dennis Guse · Jul 26, 2013

tcpdump cannot filter based upon the content of the packets (no deep packet inspection) as it only uses pcacp-filter. You could improve your performance by only dumping those packages for incoming TCP connections to your HTTP port.

tcpdump -i lo -A tcp port 80

TCPDUMP python: use Pcapy

Another option is to use tshark

Related questions

Subprocess Variables

1 import subprocess 2 raw = raw_input("Filename:").lower() 3 ip = raw_input("Host:").lower() 4 cmd = subprocess.call("tcpdump -c5 -vvv -w" + " raw " + " ip ",shell=True) So this is my script. I everything works besides one key objective, using the raw input. It …

Read More
Handling tcpdump output in python

Im trying to handle tcpdump output in python. What I need is to run tcpdump (which captures the packets and gives me information) and read the output and process it. The problem is that tcpdump keeps running forever and I …

Read More
Stripping payload from a tcpdump?

Is there an automated way (either in tcpdump or via a helper app Out There) to generate a pcap file that contains only Ethernet, IP and Layer 4 (TCP in my case) headers, so that there is no payload/application data …

Read More