skybert's Blog

Coder of systems, lover of languages, follower of Christ. 台灣女婿

tcpdump is a great tool when everything else fails. All you need is ssh access to the host.

For example, show all HTTP GET requests to the /ping endpoint on port 8680 whose TCP payload is more than 0 bytes (the filter subtracts the IP and TCP header lengths from the IP total length, so segments that carry no data, such as bare ACKs, are dropped):

# tcpdump -i any -nn -A -s 0 'tcp port 8680 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -A 5 -i "GET /ping"
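To make the header arithmetic in that BPF expression concrete, here is an added example (not from the original post) that does the same thing in Python on constructed IPv4/TCP packets: it computes the payload length exactly as `ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)` does, applies the port test, and then, in place of the `grep -A 5`, parses the HTTP request line and headers and reports whether a Host header is present. Packet layout, addresses and the sample requests are all constructed for the example.

```python
import struct
from typing import Dict, List, Optional, Tuple

PORT = 8680  # the service port used in the post


def build_ipv4_tcp(payload: bytes, sport: int = 40000, dport: int = PORT, flags: int = 0x18) -> bytes:
    """Build a minimal IPv4 + TCP packet around `payload`.

    Constructed test data for this example; checksums are left at zero
    because the length arithmetic does not depend on them.
    """
    # TCP header: ports, seq, ack, data offset (5 words, no options), flags, window, csum, urg ptr
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    # IPv4 header: version 4 / IHL 5, TOS, total length, id, flags+frag, TTL, proto 6 (TCP), csum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip_hdr + tcp_hdr + payload


def tcp_payload_len(pkt: bytes) -> int:
    """Same arithmetic as the BPF filter: ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)."""
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: IP total length
    ihl = (pkt[0] & 0x0F) << 2                    # IP header length in bytes
    tcp = pkt[ihl:]
    doff = (tcp[12] & 0xF0) >> 2                  # TCP header length in bytes
    return total_len - ihl - doff


def matches_filter(pkt: bytes, port: int = PORT) -> bool:
    """Python equivalent of 'tcp port 8680 and (<payload length>) != 0' for IPv4 packets."""
    if (pkt[0] >> 4) != 4 or pkt[9] != 6:         # IPv4 carrying TCP only; ip[] offsets assume IPv4
        return False
    ihl = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport) and tcp_payload_len(pkt) != 0


def tcp_payload(pkt: bytes) -> bytes:
    """Return the bytes after the IP and TCP headers."""
    ihl = (pkt[0] & 0x0F) << 2
    doff = (pkt[ihl + 12] & 0xF0) >> 2
    return pkt[ihl + doff:]


def parse_http_request(payload: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Split a request into (request line, lower-cased header map); None if it is not an HTTP request."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def audit_ping_requests(packets: List[bytes]) -> List[Tuple[str, bool]]:
    """Apply the filter, keep 'GET /ping' requests and report whether a Host header was sent.

    A request with no Host header is the condition the post describes.
    """
    findings = []
    for pkt in packets:
        if not matches_filter(pkt):
            continue
        parsed = parse_http_request(tcp_payload(pkt))
        if parsed is None:
            continue
        request_line, headers = parsed
        if request_line.upper().startswith("GET /PING"):  # case-insensitive, like grep -i "GET /ping"
            findings.append((request_line, "host" in headers))
    return findings


# Constructed sample traffic: a healthy check, one without Host, a bare ACK, and traffic on another port.
SAMPLE_PACKETS = [
    build_ipv4_tcp(b"GET /ping HTTP/1.1\r\nHost: app.example\r\nUser-Agent: lb-check\r\n\r\n"),
    build_ipv4_tcp(b"GET /ping HTTP/1.1\r\nUser-Agent: lb-check\r\n\r\n"),       # no Host header
    build_ipv4_tcp(b"", flags=0x10),                                                # zero payload: filtered out
    build_ipv4_tcp(b"GET /ping HTTP/1.1\r\nHost: x\r\n\r\n", dport=8080),           # other port: filtered out
]

if __name__ == "__main__":
    for line, has_host in audit_ping_requests(SAMPLE_PACKETS):
        print(f"{line!r:30} Host header: {'present' if has_host else 'MISSING'}")
```

Note that `ip[...]` offsets in the original filter only address IPv4 headers, so the same capture on an IPv6-only listener would need the `ip6` equivalents; the Python version makes the same IPv4 assumption explicit.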

It turned out that the load balancer sent no Host header. That made the HTTP handling code in the server fail, so it never wrote an entry to the access log, leaving us all in the dark until tcpdump came along and saved the day.

#unix #linux #networking
