tcpdump mailing list archives
Re: tcpdump filter for HTTP GET
From: Robert Lowe <Robert.H.Lowe () lawrence edu>
Date: Mon, 08 Nov 2004 12:27:41 -0600
Jefferson Ogata wrote:
Robert Lowe wrote:Anyone have a filter that will capture just HTTP GET requests? I'm looking for something more specific than just "dst host X and tcp dst port 80", but I'm not worried about requests to non-standard ports. I would suspect I could reference tcp[N:3] = GET, but can N be an expression itself, e.g. the data offset in theTCP header??Yes. tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
Beautiful! But wouldn't the bit-shift be for 4 bits? Thanks!!!! -Robert - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- tcpdump filter for HTTP GET Robert Lowe (Nov 08)
- Re: tcpdump filter for HTTP GET Jefferson Ogata (Nov 08)
- Re: tcpdump filter for HTTP GET Robert Lowe (Nov 08)
- Re: tcpdump filter for HTTP GET Guy Harris (Nov 08)
- Re: tcpdump filter for HTTP GET Jefferson Ogata (Nov 08)
- Re: tcpdump filter for HTTP GET Robert Lowe (Nov 08)
- Re: tcpdump filter for HTTP GET Robert Lowe (Nov 08)
- Re: tcpdump filter for HTTP GET Jefferson Ogata (Nov 08)