So I needed to debug an application which posts XML to a 3rd party application; this was failing but being very unspecific as to why.
What I wanted to do was manually send the data, but I needed to capture it first, so after a bit of digging I came up blank with an easy way to get the information out of tcpdump, but... I found a brilliant little Perl script which does all the hard work: you just chuck it a tcpdump output file, and it does all the manipulation and outputs everything you need.
The script is called chaosreader0.94; see http://www.darknet.org.uk/2007/11/chaosreader-trace-tcpudp-sessions-from-tcpdump/
It worked like a treat. I did the following:
tcpdump host www.blah.com -s 9000 -w outputfile; perl chaosreader0.94 outputfile
It generated me a load of files, headed up by index.html. When you put these files into a web server and open index.html, you get a few options. See below.
File: out1, Type: tcpdump, Created at: Thu May 21 11:56:59 2009
| 1. | Thu May 21 11:56:48 2009 | 5 s | 192.168.x.x:50624 -> 192.168.x.x:80 | http | 80515 bytes |
| 2. | Thu May 21 11:56:54 2009 | 0 s | 192.168.x.x:50633 -> 192.168.x.x:80 | http | 84451 bytes |
TCP Port Count
UDP Port Count
IP Protocol Count
Ethernet Type Count
Clicking the session links gave me all the information I needed.
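For readers who want to see what a session extractor does with the capture file, here is a minimal sketch added to this post; it is not chaosreader's code. It assumes a classic pcap file (what `tcpdump -w` writes), Ethernet framing and IPv4, and the sample capture, addresses and `/api` path are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_sessions(pcap):
    """Return {(src, sport, dst, dport): payload bytes} for one direction of each TCP flow."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled here")
    segs, off = defaultdict(dict), 24          # 24-byte global header
    while off + 16 <= len(pcap):               # 16-byte per-packet record header
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # keep IPv4 + TCP only
        ihl = (frame[14] & 0x0F) * 4
        # Slice by the IP total length so Ethernet padding is not read as payload.
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]
        tcp = ip[ihl:]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]     # skip TCP header and options
        if payload:
            key = (".".join(map(str, ip[12:16])), sport,
                   ".".join(map(str, ip[16:20])), dport)
            segs[key].setdefault(seq, payload) # first copy wins: drops retransmits
    # Simplification: order by sequence number; wraparound and overlaps are ignored.
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def build_frame(seq, data, sport=50624):
    """Constructed Ethernet/IPv4/TCP record for the sample capture below."""
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 10]), bytes([192, 168, 0, 20]))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed sample: an XML POST in two segments, out of order, first one retransmitted.
PART1 = b"POST /api HTTP/1.1\r\nHost: www.blah.com\r\nContent-Type: text/xml\r\n\r\n"
PART2 = b"<order id='1'/>"
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 9000, 1) + build_frame(1000 + len(PART1), PART2)
          + build_frame(1000, PART1) + build_frame(1000, PART1))

if __name__ == "__main__":
    for flow, data in tcp_sessions(SAMPLE).items():
        print(flow, data.decode("latin-1"))
```

The reassembled bytes are the exact request the application sent, which is what you need in order to replay it by hand; anything sent without TLS is readable this way by whoever can capture on the path.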