1HTTPRY(1) General Commands Manual HTTPRY(1)
2
6 httpry - HTTP logging and information retrieval tool
7
9 httpry [ -dFpq ] [ -b file ] [ -f format ] [ -i device ] [ -m methods ]
10 [ -n count ] [ -o file ] [ -P file ] [ -r file ] [ -S bytes ] [ -u user
11 ] [ 'expression' ]
12 httpry -s [ -l threshold ] [ -t seconds ]
13 httpry -h
14
16 httpry is a tool designed for displaying and logging HTTP traffic. It
17 is not designed to perform analysis itself, but instead to capture,
18 parse and log the traffic for later analysis. It can be run in real-
19 time displaying the live traffic on the wire, or as a daemon process
20 that logs to an output file.
21
23 -b file
24 Write all processed HTTP packets to a binary pcap dump file.
25 Useful for further analysis of logged data.
26 -d Run the program as a daemon process. All program status output
28 will be sent to syslog. A pid file is created for the process in
29 /var/run/httpry.pid by default. Requires an output file speci‐
30 fied with -o.
31 -f format
33 Provide a comma-delimited string specifying the parsed HTTP data
34 to output. See the doc/format-string file for further informa‐
35 tion regarding available options and syntax.
36 -F Disable all output buffering. This may be helpful when piping
38 httpry output into another program.
39 -h Display a brief description of these options.
41 -i device
43 Specify an ethernet interface for the program to listen on. If
44 not specified, the program will poll the system for a list of
45 interfaces and select the first one found.
46 -l threshold
48 Specify a requests per second rate threshold value when running
49 in rate statistics mode (-s). Only hosts with a rps value
50 greater than or equal to this number will be displayed. Defaults
51 to 1.
52 -m methods
54 Provide a comma-delimited string that specifies the request
55 methods to parse. The program defaults to parsing all of the
56 standard RFC2616 method strings if this option is not set. See
57 the doc/method-string file for more information.
58 -n count
60 Parse this number of HTTP packets and then exit. Defaults to 0,
61 which means loop forever.
62 -o file
64 Specify an output file for writing parsed packet data.
65 -p Do not put the NIC in promiscuous mode on startup. Note that the
67 NIC could already be in that mode for another reason.
68 -P file
70 Specify a path and filename for creating the PID file in daemon
71 mode.
72 -q Suppress non-critical output (startup banner, statistics, etc.).
74 -r file
76 Provide an input capture file to read from instead of performing
77 a live capture. This option does not require root privileges.
78 -s Run httpry in an HTTP request per second display mode. This
80 periodically displays the rate per active host and total rate at
81 a specified interval.
82 -S Specify a number of bytes to skip in the ethernet header. This
84 allows for custom header offsets to be accounted for.
85 -t seconds
87 Specify the host statistics display interval in seconds when
88 running in rate statistics mode (-s). Defaults to 5 seconds.
89 -u user
91 Specify an alternate user to take ownership of the process and
92 any output files. You will need root privileges to do this; it
93 will switch to the new user after initialization.
94 'expression'
96 Specify a bpf-style capture filter, overriding the default. Here
97 are a few basic examples starting with the default filter:
98 'tcp port 80 or 8080'
100 'tcp dst port 80'
101 'tcp dst port 80 and src host 192.168.1.1'
102 These filters will capture all web traffic both directions on
104 two common ports, capture only requests made to port 80, and
105 capture requests to port 80 by a particular host, respectively.
106 See 'man tcpdump' for further information on the syntax and
107 available primitives.
108
110 httpry was written by Jason Bittel <jason.bittel@gmail.com>. See
111 included COPYING file for specific licensing information
112 HTTPRY(1)