通过tcpdump
可以过滤HTTP请求:
过滤HTTP GET请求 (GET = 0x47, 0x45, 0x54, 0x20):
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
过滤HTTP POST请求 (POST = 0x50, 0x4f, 0x53, 0x54):
sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
过滤request和response
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
其中后面的过滤规则可以通过String-Matching Capture Filter Generator 生成。