Server Bug Fix: tcpdump, how to capture actual data only?


For example, I have a server listening on port 8001. A client program opens a TCP socket, connects to that port and sends some binary data. I want to capture the actual data only, without any TCP/IP headers such as the TCP handshake stuff.

Is that possible with tcpdump?

Nope, tcpdump doesn't have a feature to extract the payload (cut off the headers). There also aren't any built-in features for deep analysis of application layer data. But you can write the traffic to a file and extract the actual data with Wireshark's features.

You can obtain something similar using tcpdump -i any <your_filter> -A. From man tcpdump:

-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.

To obtain a more focused dump (i.e. remove some handshake packets) you can play with the filter rules, for example removing tcp-syn packets with the filter.
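The two answers above amount to: capture with a port filter, then drop the link/IP/TCP headers and ignore the segments that carry no data (handshake, bare ACKs, FIN). The following is an added example, not code from the question or either answer, that does exactly that offline over a pcap file written by tcpdump -w. The capture bytes, the port numbers, the MAC and IP addresses and the payload are all constructed inline for the demonstration; the parser itself only assumes the standard pcap (linktype Ethernet) layout, IPv4 and TCP, as documented in the pcap and RFC 791/793 formats.

```python
import struct

# --- Constructed sample capture (not a real trace) -------------------------

def build_tcp_frame(src_port, dst_port, flags, payload):
    """Build one Ethernet/IPv4/TCP frame with the given TCP flags and payload."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"  # dst MAC, src MAC, ethertype IPv4
    tcp_len = 20 + len(payload)
    ip_total = 20 + tcp_len
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto 6 (TCP),
    # checksum (left 0 in this sample), src 10.0.0.1, dst 10.0.0.2 (constructed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # TCP header: ports, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap raw frames in a little-endian pcap file with linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame  # ts_sec, ts_usec, incl_len, orig_len
    return out

SYN, SYN_ACK, ACK, PSH_ACK = 0x02, 0x12, 0x10, 0x18
SAMPLE_PCAP = build_pcap([
    build_tcp_frame(40000, 8001, SYN, b""),                  # three-way handshake: no data
    build_tcp_frame(8001, 40000, SYN_ACK, b""),
    build_tcp_frame(40000, 8001, ACK, b""),
    build_tcp_frame(40000, 8001, PSH_ACK, b"\x01\x02hello"),  # the binary data we care about
    build_tcp_frame(40000, 80, PSH_ACK, b"GET / HTTP/1.0\r\n"),  # unrelated port, must be ignored
])

# --- Payload extraction ------------------------------------------------------

def extract_payloads(pcap_bytes, port):
    """Return [(src_port, dst_port, payload)] for TCP segments on `port` that carry data.

    Headers are skipped by reading the real IHL and TCP data offset rather than
    assuming fixed sizes, and the IP total length bounds the payload so Ethernet
    padding on short frames is not mistaken for data.
    """
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    linktype, = struct.unpack("<I", pcap_bytes[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")

    results, off = [], 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len

        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != 6:                               # not TCP
            continue
        ip_total, = struct.unpack("!H", frame[16:18])
        tcp_start = 14 + ihl
        if len(frame) < tcp_start + 20:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
        if port not in (sport, dport):
            continue
        data_off = (frame[tcp_start + 12] >> 4) * 4
        payload = frame[tcp_start + data_off:14 + ip_total]
        if not payload:            # SYN / SYN-ACK / ACK / FIN segments: nothing to show
            continue
        results.append((sport, dport, payload))
    return results

if __name__ == "__main__":
    for sport, dport, data in extract_payloads(SAMPLE_PCAP, 8001):
        print(f"{sport} -> {dport}: {data.hex()}")
```

To feed it a real trace, capture with something like tcpdump -i any -w capture.pcap 'tcp port 8001' and pass the file's bytes to extract_payloads; the empty-payload check does at the parsing stage what the second answer suggests doing at the filter stage (for example with tcp[tcpflags] & (tcp-syn|tcp-fin) == 0, the flag test documented in pcap-filter). The segments are returned in capture order, not reassembled by sequence number, so retransmissions will appear twice.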
