Record HTTP traffic with tcpdump
If you ever have to debug SOAP or REST services where you don’t have access to the raw request/response, you will like this. You can record that kind of HTTP traffic with tcpdump. The UNIX tool tcpdump (install with brew install tcpdump or apt-get install tcpdump) can record all network traffic on your system. But because we already know we need only HTTP traffic, we can make our life a bit easier!
- To monitor HTTP traffic including request and response headers and message body:
  tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- To monitor HTTP traffic including request and response headers and message body from a particular source:
  tcpdump -A -s 0 'src example.com and tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- To monitor HTTP traffic including request and response headers and message body from local host to local host:
  tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo
- To include only HTTP requests, change “tcp port 80” to “tcp dst port 80” in the above commands.
- Capture TCP packets from local host to local host (loopback):
  tcpdump -i lo
Source: https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
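
The long expression in the filters above keeps only packets with a non-empty TCP payload: IP total length minus IP header length minus TCP header length. As an added example (not from the original post or its source), the Python below evaluates the same arithmetic on constructed IPv4/TCP packets; the helper names build, payload_len and matches are hypothetical.

```python
import struct

def build(sport, dport, payload=b"", tcp_options=b""):
    """Constructed IPv4+TCP packet (checksums left 0); options length must be a multiple of 4."""
    data_offset = (20 + len(tcp_options)) // 4            # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      data_offset << 4, 0x18, 65535, 0, 0) + tcp_options
    total_len = 20 + len(tcp) + len(payload)
    lo = bytes([127, 0, 0, 1])
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, lo, lo)
    return ip + tcp + payload

def payload_len(pkt):
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), as in the tcpdump filter."""
    ip_hdr = (pkt[0] & 0x0F) << 2                         # IHL in words -> bytes
    total = struct.unpack("!H", pkt[2:4])[0]              # ip[2:2]: IP total length
    tcp_hdr = (pkt[ip_hdr + 12] & 0xF0) >> 2              # data offset nibble -> bytes
    return total - ip_hdr - tcp_hdr

def matches(pkt, dst_only=False):
    """'tcp port 80 and (payload != 0)'; dst_only=True models 'tcp dst port 80'."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:                   # IPv4 carrying TCP only
        return False
    ip_hdr = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ip_hdr:ip_hdr + 4])
    on_port = dport == 80 if dst_only else 80 in (sport, dport)
    return on_port and payload_len(pkt) != 0

# Constructed sample packets (not captured traffic).
REQUEST = build(40000, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
RESPONSE = build(80, 40000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
BARE_ACK = build(80, 40000)                               # handshake/ACK-style segment, no data
NO_DATA_WITH_OPTIONS = build(40000, 80, tcp_options=bytes(12))  # 32-byte TCP header, no data

if __name__ == "__main__":
    for name in ("REQUEST", "RESPONSE", "BARE_ACK", "NO_DATA_WITH_OPTIONS"):
        pkt = globals()[name]
        print(f"{name:21} payload={payload_len(pkt):3} match={matches(pkt)} "
              f"dst_only={matches(pkt, dst_only=True)}")
```

Because the filter indexes the IPv4 header with ip[...], it does not match HTTP carried over IPv6.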