thomasdarimont/tcpdump.md

## tcpdump.md

      
    Raw
  

              tcpdump.md
            
          
    sudo tcpdump -i lo src port 8081 or dst port 8081 -w keycloak-1.pcap

or just
sudo tcpdump -i lo port 8081 -w keycloak-1.pcap


## tshark.md

      
    Raw
  

              tshark.md
            
          
    show Requests

$ sudo tshark -i any \
 -Y 'http.request.method == "GET" or http.request.method == "OPTIONS" or http.request.method == "POST"' \
 -T fields \
 -e http.request.method -e http.request.uri -e ip.src -e ip.dst

Show IP, TCP + HTTP (Path, Method, Headers)

$ sudo tshark -i any \
 -Y 'http.request.method == "GET" or http.request.method == "OPTIONS" or http.request.method == "POST"' \
 -V \
 -Y "http.request || http.response" \
 | awk "/Hypertext Transfer Protocol/,/Frame/ { print };/Transmission Control Protocol/{print};/Internet Protocol/{print}" | grep -v Frame
No results found