tcpDump to get Request header on Shared hosting

Question

I want to see request headers for my site, it is hosted on shared hosting, I call hosting company but engineer don’t know how to filter tcpdump for particular site. Because my site is hosted on shared hosting, tcpdump is capturing all requests including all domains on that server. And also they don’t have any other programme like tcpflow or wireshark install, and I can’t see this is happening in near future. Is there any options or parameter available to capture requests only for particular site ?? Thanks Sharique

Answer 1

It's going to be difficult to filter your traffic using tcpdump, but it would be easier to accomplish by creating a page on the server which, when accessed, displays the headers it received from the client. Tony Primerano's blog has several examples -- I personally would do this using his PHP example. Just create a PHP page on the server and access the URL from your web browser. In the browser window, you'll see all the HTTP request options the web server received, including those you suspect the firewall has added.

Here's Tony's code snippet:

 <?php
   foreach($_SERVER as $h=>$v)
     if(ereg('HTTP_(.+)',$h,$hp))
       echo "<li>$h = $v</li>\n";
   header('Content-type: text/html');
  ?>

And here's an example of his output:

• HTTP_HOST = www.tonycode.com
• HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
• HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
• HTTP_ACCEPT_LANGUAGE = en-us,en;q=0.5
• HTTP_ACCEPT_ENCODING = gzip, deflate
• HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.7
• HTTP_DNT = 1
• HTTP_REFERER = [referer URL here]
• HTTP_CONNECTION = close

I know that wasn't your question, but hopefully it's a good answer.

Hope that helps!