How to inspect HTTP traffic with tcpdump and ngrep

Tagged tcpdump, http, ngrep  Languages bash


ngrep is one alternative to tcpdump:

$ sudo ngrep -q -d lo0 -W byline host localhost and dst port 3002

The command will listen to interface lo0 and print all traffic destined for localhost port 3002.


Write traffic on port 80 (HTTP) to a file. Rotate log file after 10Mb. Keep 5 files.

$ sudo tcpdump port 80 -n -i any -w /tmp/traffic -p -C 10 -W 5 -s 1500

This gist shows how to monitor HTTP requests.

On OSX remember to install tcpdump with brew:

$ brew install tcpdump