System administrators usually need to monitor outgoing HTTP requests in Linux to keep an eye on the different websites their users are visiting and detect any malicious browsing activity. In this article, we will learn how to monitor outgoing HTTP requests in Linux.
How to Monitor Outgoing HTTP Requests in Linux
Here are the different ways to monitor outgoing HTTP requests in Linux.
1. Using watch & lsof
You can simply use a combination of the watch & lsof commands in Linux to get a live view of outgoing connections on specific ports. Here is an example that lists outgoing traffic on ports 80 & 443 (HTTP and HTTPS), refreshed every second.
$ watch -n1 lsof -i TCP:80,443
Here is a sample output.
dropbox   2280 saml  23u IPv4 56015285 0t0 TCP www.example.local:56003->snt-re3-6c.sjc.dropbox.com:http (ESTABLISHED)
thunderbi 2306 saml  60u IPv4 56093767 0t0 TCP www.example.local:34788->ord08s09-in-f20.1e100.net:https (ESTABLISHED)
mono      2322 saml  15u IPv4 56012349 0t0 TCP www.example.local:54018->204-62-14-135.static.6sync.net:https (ESTABLISHED)
chrome    4068 saml 175u IPv4 56021419 0t0 TCP www.example.local:42182->stackoverflow.com:http (ESTABLISHED)
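The listing above is easy to eyeball but awkward to act on. The following script is an added example, not part of the original article: it turns lsof -i output into a per-process and per-destination summary so that an unexpected program or host stands out. The sample input is the article's own output (with lsof's header row added) embedded as a constructed string, so the parsing functions can be exercised offline; live_http_connections() is the live equivalent and assumes lsof is installed.

```shell
#!/bin/sh
# Added example (not from the article): summarise "lsof -i" output.
# SAMPLE_LSOF is constructed from the article's sample listing plus the
# header row lsof prints; it stands in for live output so this runs offline.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
dropbox   2280 saml   23u  IPv4 56015285      0t0  TCP www.example.local:56003->snt-re3-6c.sjc.dropbox.com:http (ESTABLISHED)
thunderbi 2306 saml   60u  IPv4 56093767      0t0  TCP www.example.local:34788->ord08s09-in-f20.1e100.net:https (ESTABLISHED)
mono      2322 saml   15u  IPv4 56012349      0t0  TCP www.example.local:54018->204-62-14-135.static.6sync.net:https (ESTABLISHED)
chrome    4068 saml  175u  IPv4 56021419      0t0  TCP www.example.local:42182->stackoverflow.com:http (ESTABLISHED)'

# summarize_connections: read lsof -i lines on stdin and print
# "COMMAND PID REMOTE" for every established TCP connection.
# The header row is dropped because its 8th field is "NODE", not "TCP".
summarize_connections() {
  awk '$8 == "TCP" && $NF == "(ESTABLISHED)" {
         n = split($9, ends, "->")      # NAME field is local->remote
         if (n == 2) print $1, $2, ends[2]
       }'
}

# established_count: number of established connections in the listing.
established_count() {
  summarize_connections | awk 'END { print NR }'
}

# count_by_remote_host: connections per remote host (the :port suffix is
# stripped so http and https to the same host are counted together).
count_by_remote_host() {
  summarize_connections |
    awk '{ host = $3; sub(/:[^:]*$/, "", host); c[host]++ }
         END { for (h in c) print c[h], h }' |
    sort -k2
}

# live_http_connections: live equivalent of the article's command.
# -n and -P skip reverse-DNS and service-name lookups so the listing does
# not stall on slow resolvers; the parser above handles both forms.
live_http_connections() {
  lsof -nP -i TCP:80,443 | summarize_connections
}

# Demonstration on the embedded sample (run live_http_connections for real data).
printf '%s\n' "$SAMPLE_LSOF" | summarize_connections
printf '%s\n' "$SAMPLE_LSOF" | count_by_remote_host
```

Wrap the live function in watch the same way as the article's one-liner (watch -n1 'lsof -nP -i TCP:80,443 | ...') when you want it refreshed continuously.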
2. Using tcpdump
You can also use the tcpdump command to capture all raw packets, on all interfaces and all ports, and write them to a file.
$ sudo tcpdump -i any -w /tmp/http.log &
Now when you run your browser or any application that makes HTTP requests, all of its packets are written to the /tmp/http.log file.
If you want to stop recording, kill the capture with the following command (sudo is needed because tcpdump was started as root).
$ sudo killall tcpdump
To read the recorded information, run tcpdump with the -A option on the capture file. It prints the ASCII text of each recorded packet, which you can scroll through with the page up/down keys in less. Prefix the command with sudo if the file is not readable by your user.
$ tcpdump -A -r /tmp/http.log | less
Here are some simple flags and filter expressions you can use to narrow tcpdump down to the required information.
-i <interface>   Specify an interface                Example: -i eth0
tcp port <xx>    Match traffic on a given TCP port   Example: tcp port 80
dst <ip>         Specify a destination IP address    Example: dst 188.8.131.52
However, tcpdump captures packets but cannot decrypt TLS, so for HTTPS requests you will only see the destination host or IP and port, not the URL or content.
It is best practice to record data for all network interfaces & ports, and refine the raw data as per your requirement, using filters, when reading it back.
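As an added example that is not part of the article, the script below reads the text that tcpdump -A produces and extracts, for each plaintext HTTP request, the client address, the method and the full URL built from the Host header and the request path, then counts requests per client. The capture text is constructed here and mimics tcpdump's -A layout (a timestamped packet header line followed by the payload); it covers port 80 only, because HTTPS payloads are encrypted as noted above. capture_http() and urls_from_capture() are the live wrappers and assume tcpdump is installed.

```shell
#!/bin/sh
# Added example (not from the article): pull HTTP request URLs out of
# "tcpdump -A" output. SAMPLE_TCPDUMP is a constructed capture in that
# format: two client requests and one server reply, RFC 5737 test addresses.
SAMPLE_TCPDUMP='12:00:01.000123 IP 192.0.2.10.42182 > 203.0.113.5.80: Flags [P.], seq 1:80, ack 1, win 502, length 79: HTTP: GET /index.html HTTP/1.1
E..w..@.@.....
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: curl/8.0.1
Accept: */*

12:00:01.000456 IP 203.0.113.5.80 > 192.0.2.10.42182: Flags [P.], seq 1:200, ack 80, win 509, length 199: HTTP: HTTP/1.1 200 OK
E.....@.9.....
HTTP/1.1 200 OK
Content-Type: text/html

12:00:02.000789 IP 192.0.2.11.51000 > 198.51.100.7.80: Flags [P.], seq 1:90, ack 1, win 502, length 89: HTTP: POST /login HTTP/1.1
E..y..@.@.....
POST /login HTTP/1.1
Host: intranet.example.local
Content-Length: 12'

# extract_http_requests: read tcpdump -A text on stdin, print
# "CLIENT METHOD URL" once per request that carries a Host header.
extract_http_requests() {
  awk '
    # Packet header line: remember the source address (drop the trailing .port)
    /^[0-9:.]+ IP [^ ]+ > [^ ]+:/ { src = $3; sub(/\.[0-9]+$/, "", src); method = "" }
    # Request line inside the payload (server replies start with HTTP/, so they are skipped)
    /^(GET|POST|PUT|DELETE|HEAD|OPTIONS) [^ ]+ HTTP\/1\.[01]$/ { method = $1; path = $2 }
    # Host header following a request line: emit one record, then reset
    method != "" && /^Host: / { print src, method, "http://" $2 path; method = "" }
  '
}

# requests_per_client: how many HTTP requests each client address made.
requests_per_client() {
  extract_http_requests | awk '{ c[$1]++ } END { for (s in c) print c[s], s }' | sort -k2
}

# capture_http: live capture restricted to plaintext HTTP, e.g. capture_http /tmp/http.pcap
capture_http() {
  sudo tcpdump -i any -w "$1" 'tcp port 80'
}

# urls_from_capture: read a capture file back and list the requested URLs.
# Prefix with sudo if the file is not readable by your user.
urls_from_capture() {
  tcpdump -A -r "$1" 'tcp port 80' | extract_http_requests
}

# Demonstration on the embedded sample.
printf '%s\n' "$SAMPLE_TCPDUMP" | extract_http_requests
printf '%s\n' "$SAMPLE_TCPDUMP" | requests_per_client
```

The parser keys on the request line and Host header only, so it works regardless of which local interface the packet arrived on; a request without a Host header (HTTP/1.0 clients) produces no record.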
That’s it. In this short article, we have learnt how to monitor outgoing HTTP requests in Linux. You can use these commands on almost every Linux system since they are universally available.