Comprehensive Guide to HTTP Analysis: Server-Side Packet Capture with tcpdump and Wireshark

When analysing HTTP traffic by packet capture, the easiest approach is to install Wireshark or Fiddler directly on the client. However, if the client developers (possibly a third party) lack the necessary experience, or other constraints get in the way, capturing on the client may not be practical. What can be done then?

In this article we introduce a server-side approach: capture the packets on the server with tcpdump, then analyse the HTTP requests in Wireshark. It is simple and effective.

This article will be continuously revised and updated. For the latest content, please refer to my project on, and feel free to Star. For more exciting content, please.

Using tcpdump for Packet Capture on the Server

Perform packet capture analysis on the server using tcpdump

The parameters here are as follows

For more advanced usage of tcpdump, you can refer to

The above command keeps running and writes every captured packet to a file. The file holds raw packets, so it is binary and meant for Wireshark, not for reading directly. While it runs, all TCP traffic on port 8080 is captured. Once the client has made its request, interrupt tcpdump with Ctrl+C. On exit it prints how many packets were captured, how many were received by the filter and how many were dropped by the kernel; the dropped count should be 0, otherwise the capture is incomplete. A file named captcha.cap is then present in the current directory.
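As an added example (not the article's own command), the following script shows a tcpdump invocation that matches the steps above, together with a check on the resulting file before it leaves the server. It assumes a Linux server with tcpdump installed and run as root (or with CAP_NET_RAW), and reuses the article's port 8080 and file name captcha.cap; the function names are invented here.

```shell
#!/bin/sh
# Added example, not the article's own command. Assumptions: Linux host,
# tcpdump installed, run as root; port 8080 and captcha.cap follow the article.

# Build the BPF capture filter. Optionally restrict it to one client so the
# file only contains the traffic you actually want to inspect.
bpf_filter() {
    port="$1"; client="${2:-}"
    if [ -n "$client" ]; then
        printf 'tcp port %s and host %s' "$port" "$client"
    else
        printf 'tcp port %s' "$port"
    fi
}

# Start the capture.
#   -i any : every interface (Linux "cooked" capture; Wireshark decodes it)
#   -nn    : no DNS or port-name lookups while capturing
#   -s 0   : full packets; older tcpdump defaulted to a 68/96-byte snaplen,
#            which silently truncates HTTP headers and bodies
#   -w     : write raw packets (pcap) for Wireshark instead of printing them
# Stop it with Ctrl+C (SIGINT); tcpdump flushes, closes the file and prints
# the captured / received by filter / dropped by kernel counts.
capture_port() {
    port="$1"; out="$2"; client="${3:-}"
    tcpdump -i any -nn -s 0 -w "$out" "$(bpf_filter "$port" "$client")"
}

# Classify a capture file by its magic number so an empty or truncated file
# is caught on the server rather than after the scp.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;      # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;    # pcapng (Wireshark's default)
        *)                 echo unknown; return 1 ;;
    esac
}

# Usage on the server (not run here):
#   capture_port 8080 captcha.cap 192.168.0.65
#   pcap_kind captcha.cap && sha256sum captcha.cap
```

After the capture, compare the sha256sum printed on the server with the one computed on your machine after scp to confirm the copy is intact. For long-running captures, add -C and -W to tcpdump to rotate the output files instead of filling the disk.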

Analyzing with Wireshark

Next, download captcha.cap from the server to your own machine and open it in Wireshark.

The simplest way to download it is with scp: scp account@ip:/path/to/captcha.cap . (compare a checksum on both sides if the file is large, to be sure the copy is complete).

Since we only want the HTTP packets, opening the file as-is shows everything the capture filter let through, including TCP handshakes and bare ACKs, and the requests are hard to pick out. Enter a display filter (http) in the filter bar to show only HTTP traffic.

When there are many requests, this still does not tell us which ones came from the client we care about. Fortunately, display filters can be combined, for example http && ip.src == 192.168.0.65.

This filter shows only the HTTP packets sent by the client 192.168.0.65. Two caveats: ip.src keeps only what the client sent, so use ip.addr == 192.168.0.65 if you also want the server's responses; and if the client sits behind NAT or a load balancer, the address you see is the intermediary's, not the client's.

Once we have found the request we want to examine, how do we view the full request and response? Simply select the packet, right-click and choose Follow > TCP Stream:

The newly opened window shows the entire conversation on that TCP connection, client-to-server data in one colour and server-to-client data in the other. With HTTP keep-alive a single stream can contain several requests, so check that you are reading the right one.
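The same analysis can be done headless with tshark, Wireshark's command-line front end, which accepts identical display filters. This is an added example, not the article's own commands: it assumes tshark is installed on the analysis machine, reuses the article's capture file name and client address, and the function names are invented here. The last helper is a grep-only sanity check for when Wireshark is not available at all.

```shell
#!/bin/sh
# Added example, not part of the article. Assumptions: tshark installed;
# captcha.cap and 192.168.0.65 follow the article.

# Wireshark display filter for "HTTP traffic involving this client".
# ip.addr (not ip.src) keeps the server's responses in the result set;
# ip.src would show only the packets the client sent.
client_http_filter() {
    printf 'http && ip.addr == %s' "$1"
}

# List the HTTP requests from one client: frame number, TCP stream index,
# method and URI. The stream index is what Follow TCP Stream operates on.
list_client_requests() {
    capture="$1"; client="$2"
    tshark -r "$capture" -Y "http.request && ip.src == $client" \
        -T fields -e frame.number -e tcp.stream \
        -e http.request.method -e http.request.uri
}

# Equivalent of right-click > Follow > TCP Stream: dump both directions of
# stream N as ASCII (request, then response).
follow_stream() {
    capture="$1"; stream="$2"
    tshark -r "$capture" -q -z "follow,tcp,ascii,$stream"
}

# Triage without any dissector: pull HTTP/1.x request lines straight out of
# the raw capture bytes. Only works for plaintext HTTP; a TLS capture yields
# nothing, which is itself a useful signal. LC_ALL=C makes grep byte-safe.
http_request_lines() {
    LC_ALL=C grep -aoE '(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) [^ ]+ HTTP/1\.[01]' "$1"
}

# Usage on the analysis machine (not run here):
#   list_client_requests captcha.cap 192.168.0.65
#   follow_stream captcha.cap 0
#   http_request_lines captcha.cap
```

Paste the string returned by client_http_filter into Wireshark's filter bar to get the same view in the GUI; tshark's -Y takes it unchanged.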

Summary

tcpdump and Wireshark are very powerful network analysis tools, and their use is not limited to capturing HTTP requests; together they can analyse any network traffic and protocol. This article covered only the most common case, capturing plaintext HTTP. Note that the same procedure on HTTPS yields only encrypted TLS records: Wireshark can decrypt them only if it is given the session keys (a TLS key log exported by the client) or, for RSA key exchange only, the server's private key. With Wireshark's filter rules, traffic can be narrowed down far more precisely than shown here.