I'm looking for a way to capture a whole TCP stream, but save it to a file only if 1) an error happens (like RST) 2) not sure if possible - analyze the HTTP response, and store it if an HTTP 500 happens in the stream.
The network flow is high, so I'd like to avoid capturing the whole traffic.
For the moment, tcpick may be the way:
Example:
log http data in unique files (client and server mixed together):
# tcpick -i eth0 "port 80" -wRub
I could then analyze the saved files, and remove the correct ones - but it is overkill :/
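The selective capture asked for above, sketched as an added example that is not part of the original post: packets are buffered per stream and a stream is kept only once a RST or an HTTP 500 status line is seen. It assumes raw IPv4/TCP packets with no link-layer header and plain (unencrypted) HTTP; all function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

RST = 0x04  # TCP RST flag bit

def parse_ipv4_tcp(pkt):
    """Return (stream_key, tcp_flags, payload) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4
    # Sort the endpoints so both directions map to the same stream.
    key = tuple(sorted([(pkt[12:16], sport), (pkt[16:20], dport)]))
    return key, pkt[ihl + 13], pkt[ihl + data_off:total_len]

def select_streams(packets):
    """Buffer packets per stream; return only streams with a RST or an HTTP 500."""
    buffers, keep = defaultdict(list), set()
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        key, flags, payload = parsed
        buffers[key].append(pkt)
        # The status check only matches when the status line starts a segment.
        if flags & RST or payload.startswith((b"HTTP/1.0 500", b"HTTP/1.1 500")):
            keep.add(key)
    return {k: buffers[k] for k in keep}

def make_packet(src, sport, dst, dport, flags, payload=b""):
    """Build a constructed IPv4/TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                     0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return ip + tcp + payload

C, S = (10, 0, 0, 1), (10, 0, 0, 2)  # constructed client and server addresses
SAMPLE = [
    make_packet(C, 40001, S, 80, 0x18, b"GET /ok HTTP/1.1\r\n\r\n"),
    make_packet(S, 80, C, 40001, 0x18, b"HTTP/1.1 200 OK\r\n\r\n"),
    make_packet(C, 40002, S, 80, 0x18, b"GET /bad HTTP/1.1\r\n\r\n"),
    make_packet(S, 80, C, 40002, 0x18, b"HTTP/1.1 500 Internal Server Error\r\n\r\n"),
    make_packet(C, 40003, S, 80, 0x02),  # SYN
    make_packet(S, 80, C, 40003, 0x14),  # RST+ACK
]
```

On a high-rate link the per-stream buffers also need to be dropped on FIN or after an idle timeout, otherwise memory grows with every clean connection.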