Use ngrep to monitor all web requests

I can never remember the syntax to do this, so I posted it here.

ngrep -d eth1 -W byline -qilw 'get' tcp dst port 80

-d eth1 (monitor eth1)

So why would one want to do this?

  • Monitor requests on a web server with many websites. Sometimes it can be difficult to determine which site is being hammered.
  • Observe malware as it phones home. This works great if your Linux box is acting as the gateway for your network.
  • Spy on your coworkers 🙂
  • Reverse engineer licensing schemes
  • … you get the idea
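
For the first two use cases, the capture can be piped through a small tally to see which Host header, or which client and Host pair, dominates. This is an added example, not part of the original post; the function names and the sample capture are constructed, and it assumes ngrep's default byline packet layout without timestamps.

```shell
# tally_hosts [host|pair]: summarise `ngrep -W byline` output read on stdin.
#   host -> "count host"         which site is receiving the requests
#   pair -> "count client host"  which client is talking to which site
tally_hosts() {
    awk -v mode="${1:-host}" '
        # Packet header, e.g. "T 10.0.0.21:40112 -> 10.0.0.1:80 [AP]"
        $1 == "T" {
            for (i = 2; i < NF; i++)
                if ($i == "->") { src = $(i - 1); sub(/:[0-9]+$/, "", src) }
            next
        }
        # Host header; byline mode prints the trailing CR as "."
        tolower($1) == "host:" && NF >= 2 {
            host = tolower($2)
            sub(/\r$/, "", host); sub(/\.$/, "", host)
            key = (mode == "pair") ? (src " " host) : host
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample of ngrep byline output (not a real capture).
sample_capture() {
cat <<'EOF'
T 10.0.0.21:40112 -> 10.0.0.1:80 [AP]
GET / HTTP/1.1.
Host: shop.example.com.
.

T 10.0.0.22:40530 -> 10.0.0.1:80 [AP]
GET /cart HTTP/1.1.
host: SHOP.example.com.
.

T 10.0.0.21:40113 -> 10.0.0.1:80 [AP]
GET /feed HTTP/1.1.
Host: blog.example.com.
.

T 10.0.0.21:40114 -> 10.0.0.1:80 [AP]
GET /item/7 HTTP/1.1.
Host: shop.example.com.
.
EOF
}

# Live use: timeout 60 ngrep -d eth1 -W byline -qilw 'get' tcp dst port 80 | tally_hosts
sample_capture | tally_hosts host
```

On a live capture the totals are printed only when ngrep exits, which is why the commented command bounds the run with `timeout`.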