How to capture HTTP traffic with tcpdump
Capture and inspect HTTP request and response data on port 80 using tcpdump packet filtering.
Prerequisites
- tcpdump installed with root or sudo access.
Step-by-Step: Capture HTTP Traffic with tcpdump
Capture all TCP traffic on port 80 with ASCII output. tcpdump shows HTTP headers and body text:
sudo tcpdump -i eth0 -A port 80
Filter by a specific host to reduce noise:
sudo tcpdump -i eth0 -A host 203.0.113.1 and port 80
Save the capture to a file for analysis in Wireshark:
sudo tcpdump -i eth0 -c 500 -w /tmp/http-capture.pcap port 80
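The saved file can also be triaged without Wireshark. The following is an added example, not part of the original page: it reads a classic pcap as written by tcpdump -w on an Ethernet interface and lists each HTTP request's source IP, method, path and Host header. The function names http_requests and sample_pcap are hypothetical, the sample packets are constructed, and headers are read from the first TCP segment only (no stream reassembly).

```python
import struct

METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def http_requests(pcap, port=80):
    """Return (src_ip, method, path, host) per HTTP request in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only Ethernet II frames carrying IPv4 (0x0800) with TCP (protocol 6).
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        total = struct.unpack(">H", frame[16:18])[0]
        ip = frame[14:14 + total] if total else frame[14:]  # drop Ethernet padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if len(tcp) < 20 or struct.unpack(">H", tcp[2:4])[0] != port:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload.startswith(METHODS):
            continue  # ACKs, handshakes, responses, continuation segments
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        method, path = head[0].split(" ")[:2]
        host = next((h.split(":", 1)[1].strip() for h in head[1:]
                     if h.lower().startswith("host:")), "")
        found.append((".".join(map(str, frame[26:30])), method, path, host))
    return found

def sample_pcap():
    """Constructed capture: a bare ACK, then one GET from 198.51.100.7 to port 80."""
    http = b"GET /login?user=alice HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack(">HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 65535, 0, 0) + http
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1])) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    ack = frame[:54]  # headers only, no payload: must be skipped
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (ack, frame):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(http_requests(sample_pcap()))
```

For a real capture, pass the bytes of /tmp/http-capture.pcap to http_requests. The sample request shows why plain HTTP captures need careful handling: query strings and headers, including any credentials in them, are readable by anyone who holds the file.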
Common Issues When Capturing HTTP with tcpdump
HTTPS traffic (port 443) is encrypted — tcpdump shows the TLS handshake but cannot display the HTTP content. Use a TLS-terminating proxy or the application's access logs to inspect HTTPS request details.