I want to be able to read the URL GET requests coming to my server, ex: "www.JohnAlexINL.com/ping" or "http://johnalexinl.com/", et cetera.
I've tried using TCPDump, but it gives me a bunch of garbled nonsense that I can't figure out how to translate back into the original request (I can track the sources and read the packets, but I can't get them back into a URL). I've also tried just listening on my TCP/UDP/HTTP ports, but that causes compatibility issues with Apache, effectively shutting my website down
I tried this first
sudo tcpdump -vv -x -i lo 'port 80'
and without 'port 80' later
sudo tcpdump -vv -x -i lo
I tried a few other configurations and having it save to a file and sifting through it, but I was doing that in IDLE, so I don't remember anymore exactly how I typed it all out. Sorry for that
I was hoping I would see the TCP "Handshake", a GET request, and some packets in response that have the actual data in them.
I got something somewhat similar, but not that I can actually use, since it only says what data has been moved -- not the request that warranted the response.
An excerpt:
19:45:25.293910 IP (tos 0x0, ttl 64, id 4474, offset 0, flags [DF], proto UDP (17), length 103)
localhost.domain > localhost.36156: [bad udp cksum 0xfe9a -> 0xee1b!] 30218 q: PTR? 53.0.0.127.in-addr.arpa. 1/0/1 53.0.0.127.in-addr.arpa. PTR localhost. ar: . OPT UDPsize=65494 (75)
0x0000: 4500 0067 117a 4000 4011 2ad6 7f00 0035
0x0010: 7f00 0001 0035 8d3c 0053 fe9a 760a 8180
0x0020: 0001 0001 0000 0001 0235 3301 3001 3003
0x0030: 3132 3707 696e 2d61 6464 7204 6172 7061
0x0040: 0000 0c00 01c0 0c00 0c00 0100 0000 0000
0x0050: 0b09 6c6f 6361 6c68 6f73 7400 0000 29ff
0x0060: d600 0000 0000 00
You’re using entirely the wrong toolset. Choose a simple web framework like web.py and follow the examples.