From time to time I need a network sniffer for debugging HTTP traffic. In most cases I use tcpdump, tshark or wireshark. But these tools were not sufficient in all cases. So I looked around for other tools, and it seems I found a very cool console-based network sniffer for analyzing HTTP traffic on Linux: justniffer.
It is not limited to HTTP. It can help in troubleshooting performance in several TCP-based network services like HTTP, SIP, SMTP, IMAP, POP, LDAP and so on.
One nice feature of justniffer is that the output format of the traffic can be customized easily. An example written in Python is the justniffer-grab-http-traffic script which uses the parser script http_parser.py. Both are delivered with the official package. The
Another nice feature: Justniffer can save the sniffed HTTP transactions as Apache access logs. It can include the response times, which is very useful to debug performance issues.
Those two were enough for me to give it a try. And the result looks very nice. I am pretty sure there are other important features in justniffer but I haven’t tried them yet.
Installing justniffer on Ubuntu 10.10 (x86_64)
Justniffer can be downloaded from the sourceforge.net downloads.
It comes as a deb package – yeah!
Having the package, it can easily be installed using gdebi, which allows installing local packages while resolving dependencies using the apt package repositories:
sudo gdebi justniffer_0.5.8_amd64.deb
Using justniffer to record whole HTTP traffic
Start sniffing the HTTP traffic on interface wlan0 and store the sniffed files in /tmp/test:
mkdir /tmp/test
sudo justniffer-grab-http-traffic -d /tmp/test -i wlan0 -U lm
This stores the HTTP traffic in a log file which is formatted like the Apache access log:
sudo justniffer -i wlan0 > /tmp/test/http_log
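To use such a log for the performance debugging mentioned above, here is an added example (not part of the original post or of the justniffer package) that summarizes response times per path and flags slow or failed requests. It assumes an Apache combined-style line with the response time in seconds appended as the last field; the page does not show the exact format, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# ASSUMED layout: Apache combined log line + response time in seconds as last field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)(?: \S+)?" (?P<status>\d{3}) (?:\d+|-)'
    r'(?: "[^"]*" "[^"]*")? (?P<rtime>\d+(?:\.\d+)?)\s*$'
)

# Constructed sample lines, not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2011:10:01:02 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.042
192.0.2.10 - - [12/Mar/2011:10:01:03 +0100] "GET /api/search?q=a HTTP/1.1" 200 812 "-" "Mozilla/5.0" 1.250
192.0.2.11 - - [12/Mar/2011:10:01:05 +0100] "POST /api/search HTTP/1.1" 500 - "-" "curl/7.21" 2.750
this line is truncated garbage
192.0.2.10 - - [12/Mar/2011:10:01:09 +0100] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0" 0.018
"""

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"], rec["rtime"] = int(rec["status"]), float(rec["rtime"])
    rec["path"] = rec["url"].split("?", 1)[0]  # group by path, ignore the query
    return rec

def summarize(lines, slow_threshold=1.0):
    """Per-path timing stats, slow/5xx requests (slowest first), unparsable count."""
    stats = defaultdict(lambda: {"count": 0, "total": 0.0, "max": 0.0})
    flagged, skipped = [], 0
    for line in filter(str.strip, lines):  # ignore blank lines
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count malformed lines instead of failing on them
            continue
        s = stats[rec["path"]]
        s["count"] += 1
        s["total"] += rec["rtime"]
        s["max"] = max(s["max"], rec["rtime"])
        if rec["rtime"] >= slow_threshold or rec["status"] >= 500:
            flagged.append((rec["rtime"], rec["status"], rec["method"], rec["url"]))
    return dict(stats), sorted(flagged, reverse=True), skipped

if __name__ == "__main__":
    stats, flagged, skipped = summarize(SAMPLE_LOG.splitlines())
    print(stats, flagged, skipped, sep="\n")
```

To run it on a real capture, pass the lines of /tmp/test/http_log to summarize() and adjust LINE_RE if the log format differs.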