The problem is that we're failing to find the correct tcpdump arguments to only capture HTTP post requests (which is needed because a full tcpdump would quickly fill up the disk).įollowing command works find but shows GET's, POSTS and some other packets (too many): sudo tcpdump -A 'tcp port 9081 and (((ip - ((ip&0xf)>2)) != 0)'įollowing only capture POST request but in wireshark they show as TCP packets and we're not able to extract the URI from these (as we do for HTTP using custom value course covers a wide variety of IT security concepts, tools, and best practices.
The idea is to use tcpdump to capture these during a full regression test and then wireshark to get a distinct list of all URI's. For security purposes we want to list all POST requests URI's that are used in our applications (so we would disable POST through mod_security except for those URI's).