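On Linux, several tools can capture the packets arriving on an HTTP port. The commonly used methods are described in detail below:
1. Using tcpdump (raw packet capture)
Install (if not already installed):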
sudo apt install tcpdump # Debian/Ubuntu
sudo yum install tcpdump # CentOS/RHEL
Capture on the HTTP port (80):
sudo tcpdump -i any -A -s0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
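- -i any: capture on all network interfaces.
- -A: print packet contents as ASCII (readable HTTP text).
- -s0: capture complete packets (avoids truncation).
- Filter expression: show only packets that carry an HTTP payload (skip empty packets). It subtracts the IP header length and the TCP header length from the IP total length and keeps the packet only when the result is non-zero.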
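The arithmetic inside the filter expression, reproduced step by step as an added Python example (not part of the original post). The helper names, the `port` parameter and the sample packets are constructed for illustration; because the expression uses `ip[...]` accessors, only IPv4 packets are considered.

```python
import struct

def build_ipv4_tcp(sport, dport, payload=b"", ip_opts=b"", tcp_opts=b""):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    ihl, doff = (20 + len(ip_opts)) // 4, (20 + len(tcp_opts)) // 4
    total = ihl * 4 + doff * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, doff << 4, 0x10,
                      229, 0, 0) + tcp_opts
    return ip + tcp + payload

def payload_len(pkt):
    """The filter's arithmetic: IP total length - IP header - TCP header."""
    total_len = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2]
    ip_hlen = (pkt[0] & 0x0F) << 2                 # (ip[0]&0xf)<<2
    tcp_hlen = (pkt[ip_hlen + 12] & 0xF0) >> 2     # (tcp[12]&0xf0)>>2
    return total_len - ip_hlen - tcp_hlen

def matches(pkt, port=80):
    """Emulate 'tcp port <port> and (payload length != 0)' for IPv4."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:            # ip[] implies IPv4; protocol 6 is TCP
        return False
    ip_hlen = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ip_hlen:ip_hlen + 4])
    return port in (sport, dport) and payload_len(pkt) != 0

# Constructed sample packets (documentation addresses, not from the capture).
NOP12 = b"\x01" * 12                               # 12 bytes of TCP NOP options
BARE_ACK = build_ipv4_tcp(40000, 80, tcp_opts=NOP12)
REQUEST = build_ipv4_tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n", tcp_opts=NOP12)
REQUEST_IP_OPTS = build_ipv4_tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n",
                                 ip_opts=b"\x01" * 4)
OTHER_PORT = build_ipv4_tcp(40000, 31170, b"POST / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    for name in ("BARE_ACK", "REQUEST", "REQUEST_IP_OPTS", "OTHER_PORT"):
        pkt = globals()[name]
        print(f"{name:16} payload={payload_len(pkt):3} port80={matches(pkt)}")
```

Both header lengths are read from the packet rather than assumed to be 20 bytes, which is why a segment with TCP or IP options is still measured correctly.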
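The captured packet is shown below. Please help me (I am not a professional operations engineer) translate it and analyze the meaning of each item: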
15:24:55.356938 IP 222.223.250.226.synel-data > k8s01.31170: Flags [P.], seq 1589037497:1589038667, ack 655460479, win 229, length 1170
E.....@.?.............y.^...'...P.......POST /ais/bot/openapi/dcc/dialog HTTP/1.0
Host: stdai.sjzwltszkj.com
X-Real-IP: 222.223.250.233
X-Forwarded-For: 222.223.250.233
X-Forwarded-Proto: https
X-Original-URI: /api/dcc/dialog
Connection: close
Content-Length: 540
Authorization: Signature keyId="Fnrk6FDwdPe5uyHGmcvp",algorithm="hmac-sha256",headers="@request-target x-date x-tenantid x-userid x-source",signature="y07R24YL0glgfzkBVwZRYMZ4r8MlEF/zSRZsBLrR8Xk="
x-source: KS
x-userid: 8616349643650957312
x-tenantid: sjz
x-date: Mon, 07 Jul 2025 07:23:07 GMT
Content-Type: application/json; charset=utf-8
Accept-Encoding: gzip
User-Agent: okhttp/4.12.0
{"variableMap":null,"agentCode":"agent1048486107377569792","channelId":null,"chatType":"chat","query":"...........................","content":"...........................","sessionId":"845b0b19-5b2f-4c4b-96ea-fbfb3f6ca46f","messageId":"59e93a9d-67a2-4e14-8556-e7aaeb6cb864","userId":"8616349643650957312","debug":nul