decodehttp
Decodes the HTTP headers in packets.
Syntax
decodehttp
Description
The output fields are as follows:
- dst_ip: Destination IP address (IP address)
- dst_port: Destination port (integer)
- host: Name of the web server in FQDN (Fully Qualified Domain Name) format (string)
- method: HTTP method (string)
- path: Resource path (string). Typically, the URI (Uniform Resource Identifier). Refer to: https://tools.ietf.org/html/rfc3986
- rcvd: Data received by the client from the server (bytes)
- req_time1: Time the HTTP request is initiated (Epoch timestamp)
- req_time2: Time the HTTP request is completed (Epoch timestamp)
- res_time1: Time the HTTP response is initiated (Epoch timestamp)
- res_time2: Time the HTTP response is completed (Epoch timestamp)
- sent: Data sent by the client to the server (bytes)
- src_ip: Source IP address (IP address)
- src_port: Source port (integer)
- status: HTTP response code of the server (integer). Refer to: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Usage
Decode HTTP packets from a pcap file.
pcapfile /opt/logpresso/pcap/abnormal_traffic.pcap | decodehttp
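The following is an added example, not Logpresso's own code: it builds a record with the same field names decodehttp emits from one constructed request/response exchange, so the meaning of sent, rcvd, status and the four timestamps can be checked against concrete bytes. The flow dictionary layout, endpoints and epoch timestamps are assumptions made for the example.

```python
# Added example (not Logpresso code): build a decodehttp-style record from one
# constructed HTTP transaction. The flow layout and all values are assumptions.
SAMPLE_FLOW = {
    "src_ip": "10.0.0.5", "src_port": 51234,        # constructed client endpoint
    "dst_ip": "192.0.2.10", "dst_port": 80,         # constructed server endpoint
    "req": (b"GET /index.html?q=1 HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: test\r\n\r\n"),
    "res": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: 13\r\n\r\n<html></html>"),
    # Epoch times of the first/last request packet and first/last response packet
    "req_time1": 1700000000.000, "req_time2": 1700000000.002,
    "res_time1": 1700000000.050, "res_time2": 1700000000.071,
}

def parse_headers(head: str) -> dict:
    """Map lower-cased header names to values for the lines after the start line."""
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def decode_http(flow: dict):
    """Return a record using decodehttp's field names, or None when the request
    start line is not 'METHOD PATH VERSION' (e.g. non-HTTP bytes on the port)."""
    head = flow["req"].partition(b"\r\n\r\n")[0].decode("latin-1")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return None
    method, path, _version = parts
    status = None                      # stays None if the server never answered
    if flow["res"]:
        status_line = flow["res"].split(b"\r\n", 1)[0].decode("latin-1").split(" ")
        if len(status_line) >= 2 and status_line[1].isdigit():
            status = int(status_line[1])
    return {
        "src_ip": flow["src_ip"], "src_port": flow["src_port"],
        "dst_ip": flow["dst_ip"], "dst_port": flow["dst_port"],
        "host": parse_headers(head).get("host"),   # None if Host header absent
        "method": method, "path": path, "status": status,
        "sent": len(flow["req"]),      # bytes client -> server
        "rcvd": len(flow["res"]),      # bytes server -> client
        "req_time1": flow["req_time1"], "req_time2": flow["req_time2"],
        "res_time1": flow["res_time1"], "res_time2": flow["res_time2"],
    }
```

A request with no response yields status None and rcvd 0, which is the shape to look for when hunting for connections the server dropped or never answered.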