HOW TO : Capture HTTP Headers using tcpdump

Quick how to on capturing HTTP headers using tcpdump on a web server (running Linux).

    • On the web server, issue the following command

      [bash] tcpdump -s 1024 -C 1024000 -w /tmp/httpcapture dst port 80 [/bash]

        • Stop the capture by issuing the break command (ctrl + c)
        • Open the capture file (httpcapture in this example) in wireshark and check out the headers under theĀ  the HTTP protocol