[Winpcap-users] Which Packets Carry HTTP Info?

Winter Faulk nox.freak at gmail.com
Fri Feb 19 08:12:54 PST 2010


If you use tcpdump you can try using the filter "tcp port 80 and
(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)" or if you
are looking to develop your own program then you will want to sniff
data on TCP port 80 for HTTP traffic. If you are going to write your
own program then I would recommend that you start reading about the
OSI layers, how network traffic flows, and how tcp packets are
formatted.

You can also use the Wireshark tool to sniff and filter out only HTTP
traffic or analyze tcpdump's dump files.


Thank you,

~----~---~~---~-~------~----~-~---~-~
 Winter Faulk
 nox.freak at gmail.com
 http://down-time.com
~----~---~~---~-~------~----~-~---~-~

"But I, being poor, have only my dreams;
I have spread my dreams under your feet;
Tread softly because you tread on my dreams."
-William Butler Yeats




On Fri, Feb 19, 2010 at 7:16 AM, Joe Merchant <joemerchant at gmail.com> wrote:
> I've been reviewing packet info, winpcap, and other related stuff.
> I'm overloaded and a bit confused.
> I need to sniff all http traffic. If a user visits a web page, I need
> to sniff that page's html.
> I've got something very basic that works on one windows xp computer.
> I need it to work on windows xp, vista, win7.
> I need it to work if a user is on a network, a wireless connection, a
> home broadband connection.  Basically, if a user visits a web page on
> their pc, i need that page's details.
> That being said, from sample code I've reviewed on the net, I've seen
> all types of packet types (tcp, pdp, 802.11, ARP, etc.).  The sample I
> have running is getting http details from tcp packets.  Enter my
> confusion.  Do certain packet types carry http details?  So do I have
> to check for valid http packets within 802.11 packets, arp packets,
> etc?  At first I thought it was only tcp packets but the more I read,
> the more I'm confused.
>
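The tcpdump filter in the reply above keeps port-80 segments whose TCP payload is non-empty: IP total length minus IP header length minus TCP header length. For the "own program" route, the same arithmetic in C over a raw frame, as an added example that is not part of the original thread. The function names and the sample frame are constructed for illustration, and Ethernet II framing carrying IPv4 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP payload length of an Ethernet/IPv4/TCP frame with port 80 on either
 * side, or -1 if the frame is anything else or is truncated/malformed. */
int http_payload_len(const uint8_t *f, size_t n, size_t *off)
{
    if (n < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1; /* not IPv4 */
    const uint8_t *ip = f + 14;
    if ((ip[0] >> 4) != 4 || ip[9] != 6) return -1;       /* not IPv4 + TCP */
    size_t ihl = (size_t)(ip[0] & 0x0f) << 2;             /* (ip[0]&0xf)<<2 */
    size_t total = ((size_t)ip[2] << 8) | ip[3];          /* ip[2:2] */
    if (ihl < 20 || total < ihl + 20 || 14 + total > n) return -1;
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1;  /* later fragment */
    const uint8_t *tcp = ip + ihl;
    unsigned sport = (unsigned)(tcp[0] << 8 | tcp[1]);
    unsigned dport = (unsigned)(tcp[2] << 8 | tcp[3]);
    if (sport != 80 && dport != 80) return -1;            /* tcp port 80 */
    size_t thl = (size_t)(tcp[12] & 0xf0) >> 2;           /* (tcp[12]&0xf0)>>2 */
    if (thl < 20 || ihl + thl > total) return -1;         /* bad data offset */
    if (off) *off = 14 + ihl + thl;                       /* where HTTP starts */
    return (int)(total - ihl - thl);                      /* 0 = bare ACK/SYN */
}

/* Constructed sample: a minimal frame to port 80 carrying `payload`. */
size_t build_frame(uint8_t *buf, const char *payload)
{
    size_t plen = strlen(payload), total = 20 + 20 + plen;
    memset(buf, 0, 14 + total);
    buf[12] = 0x08;                          /* EtherType 0x0800 (IPv4) */
    uint8_t *ip = buf + 14, *tcp = ip + 20;
    ip[0] = 0x45;                            /* version 4, IHL 5 words */
    ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)(total & 0xff);
    ip[8] = 64; ip[9] = 6;                   /* TTL, protocol TCP */
    tcp[0] = 0xc0; tcp[1] = 0x01;            /* source port 49153 */
    tcp[3] = 80;                             /* destination port 80 */
    tcp[12] = 0x50;                          /* data offset 5 words */
    memcpy(tcp + 20, payload, plen);
    return 14 + total;
}

int main(void)
{
    uint8_t buf[128]; size_t off = 0;
    size_t n = build_frame(buf, "GET / HTTP/1.1\r\n");
    printf("payload=%d offset=%zu\n", http_payload_len(buf, n, &off), off);
    return 0;
}
```

The 14-byte offset only holds for Ethernet captures; check that `pcap_datalink()` returns `DLT_EN10MB` before applying it, since other link types use a different header.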

