Network tracing

Show established outbound connections:

lsof -i -P | grep ESTABLISHED | awk '{split($9,s,">"); printf "%-10s %-4s %s\n", $1, $8, s[2]}'

tcpflow

• Monitoring HTTP Requests on a Network Interface in Real Time: tcpflow

Usage:

sudo tcpflow -p -c -i ens3 port 80

httpry

• Monitoring HTTP Requests on a Network Interface in Real Time: httpry

sudo httpry -i wlp0s20f3
sudo httpry -i wlp0s20f3 -m post

tcpdump

Show http headers:

tcpdump -A -s 10240 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | \
  egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | \
  sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'

Other tools

• Justniffer No Debian package