Mac OS X 10.5.4

For some reason, Wireshark keeps crashing X11 on my machine, so it isn't an option. If you have the same problem, here is how to capture and decode HTTP traffic from the command line, using tcpdump:

tcpdump -n -i en1 -s 0 -A port 80 and host www.yahoo.com

Options:

-n          Don't convert addresses to hostnames in the output (the host name in the filter expression is still resolved once when the capture starts)
-i en1      Interface to listen on. en0 is the wired interface and en1 is the wireless one on a MacBook Pro
-s 0        Snapshot length of 0 captures whole packets instead of truncating them at the default length
-A          Print each packet (minus its link level header) in ASCII
<expr>      Packet match expression. My example of port 80 and host www.yahoo.com says to only print packets that have a source or destination port of 80 and a source or destination host of www.yahoo.com. There are many other qualifiers, such as portrange, net, src, dst, inbound, outbound, ether, fddi, ip, ip6, arp, tcp, udp. See the manual page for more info.


For more info, at the terminal, type man tcpdump
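The output of the command above is only as useful as your ability to pick the HTTP request and response lines out of the raw packet dump. The following script is an added example, not part of the original post: it reads saved tcpdump -A output (pipe the command into a file with "> capture.txt" first) and lists every HTTP start line with its headers. The sample capture embedded in it is constructed to look like tcpdump's output, and the parser assumes that layout: a timestamped "IP src > dst:" header line per packet, followed by the packet bytes printed as ASCII, with the first line of HTTP payload glued onto the tail of the IP/TCP header bytes.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Per-packet header line as tcpdump prints it, e.g.
#   12:34:56.789012 IP 192.168.1.10.52345 > 209.131.36.158.80: P 1:200(199) ack 1 win 65535
# Newer tcpdump versions print "Flags [P.]" after the colon; the pattern stops
# at the colon so both forms match.
PACKET_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP6? (\S+) > (\S+):")
# HTTP start lines are searched, not anchored at the line start, because with
# -A the first payload line follows the IP/TCP header bytes on the same line
# (those bytes show up as dots and stray characters such as "E..<..@.@..").
REQUEST_RE = re.compile(r"(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) (\S+) HTTP/(\d\.\d)$")
STATUS_RE = re.compile(r"HTTP/(\d\.\d) (\d{3}) ?(.*)$")


@dataclass
class HttpMessage:
    time: str
    src: str            # "host.port" exactly as tcpdump printed it
    dst: str
    kind: str           # "request" or "response"
    start_line: str     # "GET / HTTP/1.1" or "HTTP/1.1 200 OK"
    headers: Dict[str, str] = field(default_factory=dict)


def parse_tcpdump_ascii(text: str) -> List[HttpMessage]:
    """Return the HTTP start lines and headers found in tcpdump -A output.
    Packets with no HTTP start line (pure ACKs, continuation segments carrying
    the rest of a body) are skipped."""
    messages: List[HttpMessage] = []
    packet: Optional[Tuple[str, str, str]] = None
    current: Optional[HttpMessage] = None
    in_headers = False
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        m = PACKET_RE.match(line)
        if m:                                   # new packet: reset per-packet state
            packet = m.groups()
            current, in_headers = None, False
            continue
        if packet is None:                      # text before the first packet header
            continue
        if current is None:                     # still looking for an HTTP start line
            req = REQUEST_RE.search(line)
            resp = STATUS_RE.search(line)
            if req:
                current = HttpMessage(*packet, "request", req.group(0))
            elif resp:
                current = HttpMessage(*packet, "response", resp.group(0))
            if current is not None:
                messages.append(current)
                in_headers = True
            continue
        if in_headers:
            if line.strip() == "":              # blank line ends the header block
                in_headers = False
                continue
            name, sep, value = line.partition(":")
            if sep:
                current.headers[name.strip().lower()] = value.strip()
    return messages


def summarize(text: str) -> List[str]:
    """One line per HTTP message, the way you would eyeball a capture."""
    out = []
    for msg in parse_tcpdump_ascii(text):
        host = msg.headers.get("host", "")
        extra = f" (Host: {host})" if host else ""
        out.append(f"{msg.time} {msg.src} > {msg.dst} {msg.kind}: {msg.start_line}{extra}")
    return out


# Constructed sample of what "tcpdump -n -i en1 -s 0 -A port 80 and host
# www.yahoo.com" prints: a request, its response, and a bare ACK.
SAMPLE_CAPTURE = """\
12:34:56.789012 IP 192.168.1.10.52345 > 209.131.36.158.80: P 1:200(199) ack 1 win 65535
E..<..@.@..Q......GET / HTTP/1.1
Host: www.yahoo.com
User-Agent: curl/7.16.3
Accept: */*

12:34:56.812345 IP 209.131.36.158.80 > 192.168.1.10.52345: P 1:1000(999) ack 200 win 65535
E..Y..@.@..HTTP/1.1 200 OK
Date: Sat, 12 Jul 2008 12:34:56 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: B=abc123; path=/

<html><head><title>Yahoo!</title></head></html>
12:34:57.100000 IP 192.168.1.10.52345 > 209.131.36.158.80: . ack 1000 win 65535
E..(..@.@..
"""

if __name__ == "__main__":
    # Usage: python decode_http.py capture.txt   (no argument: run on the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    for entry in summarize(text):
        print(entry)
```

Because tcpdump prints every packet that matches the filter, the parser has to tolerate segments that carry only part of a message; it does that by attaching headers only to the packet in which the start line appeared and ignoring everything after the blank line that ends the header block. Requests whose headers span more than one segment will therefore show a truncated header set, which is the same limitation you hit reading the raw output by eye.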