tcpdump is a great tool when everything else fails. All you need is ssh access.
For example, show all HTTP GET requests to the /ping endpoint on port 8680 where the payload is more than 0 bytes:
# tcpdump -i any -nn -A -s 0 'tcp port 8680 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -A 5 -i "GET /ping"
Turned out, no Host header was sent from the load balancer, causing the HTTP code in the server to fail, so it never added entries to the access log, leaving us all in the dark until tcpdump came along and saved the day.
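To make the filter arithmetic concrete, here is an added Python example (not from the original post) that applies the same payload-length check the tcpdump expression uses to constructed IPv4/TCP packets, and flags the missing Host header that caused the silent access-log gap. The addresses, source port and packet contents are constructed; only port 8680 and the /ping path come from the post.

```python
import struct

def tcp_payload_len(pkt: bytes) -> int:
    """Same arithmetic as the capture filter on a raw IPv4 packet:
    ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)."""
    total_len = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2]: IP total length
    ihl = (pkt[0] & 0x0F) << 2                      # IP header length in bytes
    tcp = pkt[ihl:]
    data_off = (tcp[12] & 0xF0) >> 2                # TCP header length in bytes
    return total_len - ihl - data_off

def matches_filter(pkt: bytes, port: int = 8680) -> bool:
    """'tcp port 8680 and payload != 0' evaluated in Python."""
    ihl = (pkt[0] & 0x0F) << 2
    src, dst = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (src, dst) and tcp_payload_len(pkt) != 0

def missing_host_header(payload: bytes) -> bool:
    """The failure mode from the post: an HTTP request with no Host header."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return not any(l.lower().startswith(b"host:") for l in lines[1:])

def hostless_pings(packets: list) -> list:
    """Payloads of GET /ping requests that match the filter but carry no Host header."""
    out = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) << 2
        data_off = (pkt[ihl + 12] & 0xF0) >> 2
        payload = pkt[ihl + data_off:]
        if matches_filter(pkt) and payload.startswith(b"GET /ping") and missing_host_header(payload):
            out.append(payload)
    return out

def build_packet(payload: bytes, tcp_flags: int = 0x18) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header + payload, to port 8680."""
    total = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # constructed addresses
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 8680, 0, 0, 0x50, tcp_flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

# Constructed traffic: a bare ACK (no payload), a GET without Host, a GET with Host.
PURE_ACK = build_packet(b"", tcp_flags=0x10)
GET_NO_HOST = build_packet(b"GET /ping HTTP/1.1\r\nUser-Agent: lb-probe\r\n\r\n")
GET_WITH_HOST = build_packet(b"GET /ping HTTP/1.1\r\nHost: api.example\r\n\r\n")

if __name__ == "__main__":
    for p in hostless_pings([PURE_ACK, GET_NO_HOST, GET_WITH_HOST]):
        print("GET /ping without Host header:", p)
```

Running it reports only the second packet, which is exactly the request the access log never showed.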
#unix #linux #networking