monitor outgoing http requests in ubuntu

How to Monitor Outgoing HTTP Requests in Linux

System administrators usually need to monitor outgoing HTTP requests in Linux to keep an eye on the different websites their users are visiting and detect any malicious browsing activity. In this article, we will learn how to monitor outgoing HTTP requests in Linux.


How to Monitor Outgoing HTTP Requests in Linux

Here are the different ways to monitor outgoing HTTP requests in Linux.


1. Using watch & lsof

You can simply use a combination of watch & lsof command in Linux to get an idea of outgoing traffic on specific ports. Here is an example of outgoing traffic on ports 80 & 443.

$ watch -n1 lsof -i TCP:80,443

Here is a sample output.

dropbox    2280 saml   23u  IPv4 56015285      0t0  TCP www.example.local:56003->snt-re3-6c.sjc.dropbox.com:http (ESTABLISHED)
thunderbi  2306 saml   60u  IPv4 56093767      0t0  TCP www.example.local:34788->ord08s09-in-f20.1e100.net:https (ESTABLISHED)
mono       2322 saml   15u  IPv4 56012349      0t0  TCP www.example.local:54018->204-62-14-135.static.6sync.net:https (ESTABLISHED)
chrome    4068 saml  175u  IPv4 56021419      0t0  TCP www.example.local:42182->stackoverflow.com:http (ESTABLISHED)


2. Using tcpdump

You can also use tcpdump command to capture all raw packets, on all interfaces, on all ports, and write them to file.

$ sudo tcpdump -i any -w /tmp/http.log &

Now when you run your browser or any application that makes HTTP requests, all the information will be logged in /tmp/http.log file.

If you want to stop recording, just kill it with the following command.

$ killall tcpdump

To read the recorded information, run the tcpdump command with -A option. It will print ASCII text in recorded packets, that you can browse using page up/down keys.

$ tcpdump -A -r /tmp/http.log | less

Here are some simple flags you can use to filter the required information from tcpdump.

-i Specify an interface
-i eth0

tcp port xx
tcp port 80

dst 1.2.3.4
specify a destination ip address

However, tcpdump cannot decrypt information, so you cannot view information about HTTPS requests in it.

It is best practice to record data for all network interfaces & ports, and refine the raw data as per your requirement, while reading it.

That’s it. In this short article, we have learnt how to monitor outgoing http requests in Linux. You can use these commands in almost every Linux system since they are universally available.

Also read:

How to Pair Airpods Pro With Ubuntu
How to Repeat Strings N Times in Python
How to Delete Last Field in Linux
How to Harden Apache Server in CentOS
How to Display Specific Columns in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *