From: Sheldon Hearn
To: freebsd-questions@FreeBSD.org
Subject: Sniffing HTTP requests off the wire
Date: Thu, 06 Jun 2002 12:20:51 +0200
Message-ID: <3545.1023358851@axl.seasidesoftware.co.za>

Hi folks,

There are times when I'd like to sniff the HTTP requests seen by my firewall. Although I can use smbfs to mount the IIS logs of the protected web servers, the Wintendo servers lock the currently active log file such that I can't cp or grep it (or anything it, actually). Very annoying.

I'm interested in the HTTP request and the IP address of the requesting host. I'm also interested in the HTTP headers (like referer), cookie contents etc, but that's all secondary.

I know I can just use 'tcpdump -s 1500 -x -X dst port 80' and cook the output myself, but I'm hoping there's already something out there that does the cooking for me.

First prize would be to get output in common log format, as used by Apache, but obviously beggars can't be choosers.

Anything in the ports tree?

Ciao,
Sheldon.
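Added example, not part of the original post: a sketch of the "cooking" step, turning one captured request payload into an Apache combined-format line (common log format plus referer and user agent). It assumes the capture tool supplies the source IP and timestamp and that the request head arrives in a single TCP payload; the function names and the sample data are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Request line: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) (HTTP/\d\.\d)$")

def escape_field(value: bytes) -> str:
    """Escape quotes, backslashes and non-printable bytes so that
    attacker-controlled headers cannot forge or split log lines."""
    return "".join(
        "\\" + chr(b) if b in b'"\\' else chr(b) if 0x20 <= b < 0x7f else "\\x%02x" % b
        for b in value)

def parse_request(payload: bytes):
    """Return (request_line, headers) from a client payload, or None if it is not HTTP."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def to_log_line(src_ip: str, when: datetime, payload: bytes):
    """Format one captured request as a combined-format log line."""
    parsed = parse_request(payload)
    if parsed is None:
        return None
    request_line, headers = parsed
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    # Status and response size are not visible in the request, so both are "-".
    return '%s - - [%s] "%s" - - "%s" "%s"' % (
        src_ip, stamp, escape_field(request_line),
        escape_field(headers.get(b"referer", b"-")),
        escape_field(headers.get(b"user-agent", b"-")))

# Constructed sample: one request as it would appear in a single TCP payload.
SAMPLE_TIME = datetime(2002, 6, 6, 10, 20, 51, tzinfo=timezone.utc)
SAMPLE = (b"GET /index.asp?id=7 HTTP/1.1\r\nHost: www.example.com\r\n"
          b"Referer: http://example.org/\"x\r\nUser-Agent: Mozilla/4.0\r\n\r\n")

if __name__ == "__main__":
    print(to_log_line("192.0.2.10", SAMPLE_TIME, SAMPLE))
```

Requests split across several segments need TCP stream reassembly before this step, and only cleartext HTTP is visible this way.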