Network tracing

Show established outbound connections:

lsof -i -P | grep ESTABLISHED | awk '{split($9,s,">"); printf "%-10s %-4s %s\n", $1, $8, s[2]}'

tcpflow

• Monitoring HTTP Requests on a Network Interface in Real Time: tcpflow

Usage:

tcpflow -p -c -i ens3 port 80

httpry

• Monitoring HTTP Requests on a Network Interface in Real Time: httpry

tcpdump

Show http headers:

tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'

Other tools

• Justniffer No Debian package