In-depth HTTP traffic analysis using tcpdump & Wireshark

From time to time we're convinced that an error must be very close to the network card, OS IP stack or compiler. In reality this is quite rare, so before continuing, triple-check that the issue is not located between chair and keyboard...

If you're still convinced that an in-depth analysis of network traffic might help you, go on:

  • Find out the IP address the client causing trouble will come from.

  • Replace <client-ip> with that client address, log into your web server and run:

    remote$ sudo tcpdump host <client-ip> and port 80 -s 0 -w /tmp/network.dump

  • Copy the dump to your local machine:

    local$ scp $remote_host:/tmp/network.dump .

  • Load the dump:

    local$ wireshark network.dump
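As an added example (not part of the original post): a stdlib-only Python reader for the pcap file that tcpdump -w produces, which walks the Ethernet/IPv4/TCP frames and lists the HTTP request lines a given client sent to port 80, so you can confirm the dump really holds that client's traffic before copying it around. The client and server addresses, the frame contents and the SAMPLE_DUMP file below are constructed for the demonstration; the parser is a sketch, not Wireshark's dissector.

```python
import struct

# Constructed sample: one Ethernet/IPv4/TCP frame carrying an HTTP GET from a
# hypothetical client 192.0.2.10 to a web server 198.51.100.5 on port 80,
# wrapped in the pcap container that `tcpdump -w` writes.
HTTP_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

def _frame(src, dst, sport, dport, payload):
    """Ethernet + IPv4 + TCP headers around payload (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                          # ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, src, dst)                # proto 6 = TCP
    return eth + ip + tcp + payload

def _pcap(frames):
    """Little-endian pcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

SAMPLE_DUMP = _pcap([_frame(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]),
                            40000, 80, HTTP_PAYLOAD)])

def http_requests(pcap_bytes, client_ip):
    """Return (src, dst, request line) for HTTP requests client_ip sent to port 80."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]      # byte order of the writer
    linktype, = struct.unpack_from(endian + "I", pcap_bytes, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off, found = 24, []
    while off + 16 <= len(pcap_bytes):
        _, _, caplen, _ = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:  # IPv4 + TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4                            # IPv4 header length
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data = tcp[(tcp[12] >> 4) * 4:]                        # skip TCP header + options
        if src == client_ip and dport == 80 and data[:4] in (b"GET ", b"POST", b"HEAD"):
            found.append((src, dst, data.split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return found
```

Because the capture was taken with -s 0, the dump holds full request bodies, cookies and any credentials sent in clear, so treat network.dump as sensitive data when copying it off the server.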

Thomas Eisenbarth