Log http data in unique files using tcpick

Question

I'm trying to use tcpick to log http data in unique files (client and server mixed together). This is one of the examples from tcpick's man page:

$ tcpick -i eth0 "port 80" -wRub

I expected this to write the tcp stream to a file named <ip_client>_<ip_server>_<port_server>.tcpick, but it seems that no file gets written at all.

Does anyone have an explanation for this? I'm running tcpick 0.2.1 on Ubuntu 12.04.1 LTS.

score 0 · Answer 1 · answered May 13 '13 at 22:25

0

This is probably too old to be of help, but ... My first guess would be that it's not seeing any traffic on eth0 port 80. If you "tcpdump -i eth0 port 80" do you get any traffic? If not, how about just "tcpdump -i eth0"? Answers to those might shed light.

When I run the above command (with appropriate interface name for my system), I get many files created. tcpick 0.2.1 on FreeBSD 9.1.

answered May 13 '13 at 22:25

Mark Costlow

31
2

Thanks for your answer, Mark. IIRC, I did make sure there was traffic on port 80. I have since picked [Justniffer](http://justifier.sf.net) as my HTTP sniffing tool of choice. – otto.poellath May 15 '13 at 08:54
Cool -- Justniffer looks useful – Mark Costlow May 30 '13 at 20:09

Log http data in unique files using tcpick

1 Answers1