Question

I am trying to monitor the network activity of a specific application on an Android device. In the application that I am attempting to monitor, I am communicating with an HTTP server that is running remotely. There are obviously different ways of querying the server, and I am trying to gather statistics on those different types of queries (round-trip-time of packets, etc.).

After some research I have decided to give tcpdump a shot. I am trying to view the contents of packets using the -A option; I figured that after spitting out the contents of the packets I could parse the query type out of the packet body and sort them according to the type. However, it seems that using the -A option just gives me a bunch of garbage. Am I misinterpreting what the -A option actually does? According to this example here http://code.google.com/apis/gdata/articles/wireshark.html, I should be seeing some human readable form of the output.

After some research I have found that it is possible that the garbage being spit out is just compressed data. If this is the case, is it possible to decompress it?

Forgive me if I sound naive, I am relatively new to this stuff. Any help would be greatly appreciated. Thanks!


Solution

Wireshark has quite a few statistics built into it; why can't you just use that?

If you need a way to do it programmatically, check out Tshark (the command-line version of Wireshark); it could be quite good for this.

http://kevin.vanzonneveld.net/techblog/article/analyze_http_requests_with_tshark/

Licensed under: CC-BY-SA with attribution