eth1 인터페이스에서 목적지 8080으로 향하는 패킷

sudo /sbin/tcpdump -i eth1 dst port 8000

패킷을 ASCII 문자열로 보여주기

sudo /sbin/tcpdump -i eth1 dst port 8000 -X

HTTP 헤더 로깅

# <https://serverfault.com/questions/504431/human-readable-format-for-http-headers-with-tcpdump>
 
sudo stdbuf -oL \\
    /sbin/tcpdump -A -s 10240 "tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)" \\
        | egrep -a --line-buffered ".+(GET |HTTP\\/|POST )|^[_A-Za-z0-9-]+: (.*)" \\
        | perl -nle 'BEGIN{$|=1} { s/.*?(GET |HTTP\\/[0-9.]* |POST )/\\n$1/g; print } ' \\
        | awk '/^$/ { print "\\n" "\\033[1;30m" "=========================================================" "\\033[m" "\\n" }
                /^(GET) .+$/ { print "\\033[33m" $0 "\\033[m" }
                /^(POST) .+$/ { print "\\033[35m" $0 "\\033[m" }
                /^(HTTP)\\/.+$/ { print "\\033[32m" $0 "\\033[m" }
                match($0, /^(.+?): (.+)$/, header) { print "\\033[1;34m" header[1] ": " "\\033[37m" header[2] "\\033[m" }