使用httpclient发送http请求时有时会遇到一些奇怪的问题,线上程序又不能打断点调试,只能通过抓包来分析请求数据,ngrep和tcpdump都可以抓取http请求,相比tcpdump ngrep更轻量些,使用起来也比较简单。
ngrep 是grep的网络版,他力求更多的grep特征,用于搜寻指定的数据包。由于安装ngrep需用到ibpcap库, 所以支持大量的
操作系统和网络协议,能识别TCP、UDP和ICMP包。
应用举例:
捕获所有post请求(加个-W byline 参数后,将解析包中的换行符):
ranger@ranger:~$ sudo ngrep -q -W byline "(POST).*"
interface: eth0 (192.168.122.0/255.255.254.0)
match: (POST).*
T 192.168.122.74:46048 -> 140.207.228.58:80 [A]
POST /Hotel/OTA_HotelSearch.asmx?wsdl HTTP/1.1.
Content-Type: text/xml; charset=UTF-8.
SOAPAction: http://ctrip.com/Request.
Accept-Encoding: gzip, deflate.
Content-Length: 1330.
Accept: */*.
Accept-Language: zh-cn.
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0).
UA-CPU: x86.
Accept-Encoding: gzip, deflate.
Connection: close.
Host: openapi.ctrip.com.
.
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <Request xmlns="http://ctrip.com/"> <requestXML><Request>
<Header AllianceID="***" SID="***" TimeStamp="1393554304685" RequestType="OTA_HotelSearch" Signature="B166CDF5422A6DA5BA81A08036E938E7"/>
<HotelRequest>
<RequestBody xmlns:ns="http://www.opentravel.org/OTA/2003/05" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<ns:OTA_HotelSearchRQ Version="1.0" PrimaryLangID="zh"
xsi:schemaLocation="http://www.opentravel.org/OTA/2003/05 OTA_HotelSearchRQ.xsd"参数说明:
-q is be quiet (don’t print packet reception hash marks)静默模式,如果没有此开关,未匹配的数据包都以“#”显示
-e is show empty packets 显示空数据包
-i is ignore case 忽略大小写
-v is invert match 反转匹配
-R is don’t do privilege revocation logic
-x is print in alternate hexdump format 以16进制格式显示
-X is interpret match expression as hexadecimal 以16进制格式匹配
-w is word-regex (expression must match as a word) 整字匹配
-p is don’t go into promiscuous mode 不使用混杂模式
-l is make stdout line buffered
-D is replay pcap_dumps with their recorded time intervals
-t is print timestamp every time a packet is matched在每个匹配的包之前显示时间戳
-T is print delta timestamp every time a packet is matched显示上一个匹配的数据包之间的时间间隔
-M is don’t do multi-line match (do single-line match instead)仅进行单行匹配
-I is read packet stream from pcap format file pcap_dump 从文件中读取数据进行匹配
-O is dump matched packets in pcap format to pcap_dump 将匹配的数据保存到文件
-n is look at only num packets 仅捕获指定数目的数据包进行查看
-A is dump num packets after a match匹配到数据包后Dump随后的指定数目的数据包
-s is set the bpf caplen
-S is set the limitlen on matched packets
-W is set the dump format (normal, byline, single, none) 设置显示格式byline将解析包中的换行符
-c is force the column width to the specified size 强制显示列的宽度
-P is set the non-printable display char to what is specified
-F is read the bpf filter from the specified file 使用文件中定义的bpf(Berkeley Packet Filter)
-N is show sub protocol number 显示由IANA定义的子协议号
-d is use specified device (index) instead of the pcap default 使用哪个网卡,可以用-L选项查询
-L is show the winpcap device list index 查询网卡接口