It took me 2 years, but I think now I love tcpdump. Before we go into why — what’s tcpdump?
tcpdump is a tool that will tell you about network traffic on your machine. I was scared of it for a long time and refused to learn how to use it. Now I am wiser and I am here to show you that tcpdump is awesome and there is no need to be scared of it. Let’s go!
So, now we know how to filter by IP and stuff, and use Wireshark. Next, I want to tell you about tshark, which is a command line tool that comes with Wireshark.
tcpdump doesn’t know about HTTP or other network protocols. It knows pretty much everything about TCP but it doesn’t care what you put inside your TCP packets. tshark knows all about what’s inside your TCP packets, though!
Let’s say I wanted to spy on all GET requests happening on my machine. That’s super easy with tshark:
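To make the tcpdump-versus-tshark difference concrete, here is an added example (my own code, not from the original post or from the tcpdump/Wireshark projects) that does by hand, on a constructed TCP segment, what each tool does: a raw byte match on the TCP payload, which is all a tcpdump BPF filter can do (the well-known expression `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420` just compares four payload bytes to "GET "), versus dissecting the HTTP request line, which is what lets a tshark display filter like `http.request.method == "GET"` work.

```python
import struct


def build_tcp_segment(payload: bytes, data_offset_words: int = 5) -> bytes:
    """Constructed sample data (not a real capture): a TCP header whose
    data-offset field is `data_offset_words` (5 = no options), then payload."""
    header = struct.pack("!HHIIHHHH", 51234, 80, 1, 1,
                         (data_offset_words << 12) | 0x18,  # offset + PSH,ACK
                         65535, 0, 0)
    header += b"\x00" * (data_offset_words * 4 - 20)  # padding as TCP options
    return header + payload


def tcp_payload(segment: bytes) -> bytes:
    """tcpdump's view: the bytes after the TCP header. Header length is
    (byte 12 >> 4) * 4, exactly what tcp[((tcp[12:1] & 0xf0) >> 2):4]
    computes before comparing four bytes."""
    data_offset = (segment[12] >> 4) * 4
    return segment[data_offset:]


def bpf_style_get_match(segment: bytes) -> bool:
    """What a tcpdump filter can decide: do the first four payload bytes
    equal b'GET ' (0x47455420)? A byte match, not HTTP parsing, so any
    payload starting with those bytes matches, HTTP or not."""
    return tcp_payload(segment)[:4] == b"GET "


def http_request_line(segment: bytes):
    """tshark's view: dissect the request line into (method, target, version),
    the fields a display filter such as http.request.method is built on.
    Returns None when the payload is not a well-formed HTTP request line."""
    line, sep, _ = tcp_payload(segment).partition(b"\r\n")
    if not sep:
        return None
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    return tuple(p.decode("ascii", "replace") for p in parts)


def is_get_request(segment: bytes) -> bool:
    """Equivalent of the display filter http.request.method == "GET"."""
    req = http_request_line(segment)
    return req is not None and req[0] == "GET"
```

On a real interface the same split is: tcpdump with the BPF expression above for the byte match, and `tshark -Y 'http.request.method == "GET"'` for the dissected version (both need capture privileges on the interface).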