我使用此命令来监视本地 (macOS) HTTP 流量:
sudo tcpdump -A -s 0 'tcp port 4444 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo0
我发挥了魔法,但也输出了不必要的字符:
{"message":"body"}
14:29:07.725362 IP localhost.64258 > localhost.krb524: Flags [P.],seq 1004:1579, ack 469, win 11768, options [nop,nop,TS val 1448865401 ecr 1448865398], length 575 E..s..@.@..............\...^Z.>...-..h.....
V[.yV[.vPOST /v2/8387efc52b0b6b14e83bcd1d1951bdb2 HTTP/1.1
Content-Type: application/json; charset=utf-8
应该是:
{"message":"body"}
POST /v2/8387efc52b0b6b14e83bcd1d1951bdb2 HTTP/1.1
Content-Type: application/json; charset=utf-8
最佳答案
假设您显示的输入:
{"message":"body"}
14:29:07.725362 IP localhost.64258 > localhost.krb524: Flags [P.],seq 1004:1579, ack 469, win 11768, options [nop,nop,TS val 1448865401 ecr 1448865398], length 575 E..s..@.@..............\...^Z.>...-..h.....
V[.yV[.vPOST /v2/8387efc52b0b6b14e83bcd1d1951bdb2 HTTP/1.1
Content-Type: application/json; charset=utf-8
这行 sed :
sed -e 's#^\(.*\)\(\(\(GET\|POST\|PUT\|DELETE\|OPTIONS\)\) /.*$\)#\2#g' input.txt | grep -E '({|Content-Type|GET|POST|PUT|DELETE|OPTIONS)'
将输出:
{"message":"body"}
POST /v2/8387efc52b0b6b14e83bcd1d1951bdb2 HTTP/1.1
Content-Type: application/json; charset=utf-8
这是您需要的吗?
关于linux - 从 tcpdump 输出中删除不必要的字符,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50741413/