Get full HTTP request description via TShark

Question

I need to get full description of the HTTP requests with TShark sniffer. I mean something like Wireshark's GUI where you can get:

• raw request data (zipped/unzipped);
• pretty printed extracted HTTP fields: (Host, Accepted-Encoding, Cookies, etc).

For now I'm able to dissect HTTP with:

 tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -d tcp.port=80,http

it prints something like this:

139389.228821 x.x.x.x -> y.y.y.y HTTP GET /test.html HTTP/1.1

or I can print cookie (or all cookies?) for example with:

tshark -i eth0 -f 'dst host xxx.xxx.xxx.xxx' -T fields -e http.cookie

But I want complete HTTP request description with raw data. Is it possible?

Answer 1

Note: See comments for accepted answer.

Curl might be able to do this for you. when you post your data via curl, use the -v and -i options. You can also use -b and -c to read/write cookie info to a file so you can look at it.

This may not be exactly what you want as it sounds like you already have a program thats doing the posting but if you can re-create the post and send with curl, you'll see all of the raw data (when using the right options).

Curl docs are here

Answer 2

If it is only to monitor traffic from your own computer, try Fiddler

Or use Firefox's Firebug, and/or Live HTTP Headers, and/or the Web Developer Toolbar