tcpdump只抓取HTTP报文头部

因为要做一个需求，我需要调研现网请求http头部的大小，都有什么字段，shell脚本代码如下所示

#! /bin/bash    s_512=0  s_512_1k=0  s_1k_2k=0  s_2k_4k=0  s_4k_8k=0  s_8k=0    idx=0    while true  do       if (($idx >= 10000));then         break     fi       tcpdump "tcp[20:2]=0x4854" -i eth0 -nn  -A -c 1 | sed "s/.*HTTP/HTTP/g" > tmp_http_header.log     cat tmp_http_header.log >> http_header.log     #notice ^M CTRL-V Shift-M     #cat -v     #sed -n '/HTTP/,/^^M/p' tmp_http_header.log     #  ^M is special character     sed -i -e 's/^^M$/vaynedu_test_http/g' tmp_http_header.log     header_num=`cat tmp_http_header.log | grep  -A100 "HTTP" | grep -m1 -B100  "vaynedu_test_http" | grep -v "vaynedu_test_http" | wc -c `    # echo $header_num       if (($header_num < 512));then         let s_512++     elif (($header_num < 1024));then         let s_512_1k++     elif (($header_num < 2048));then         let s_1k_2K++         echo "vaynedu_1k_2k $header_num" >> http_header.log     elif (($header_num < 4096));then         let s_2k_4k++         echo "vaynedu_2k_4k $header_num" >> http_header.log     elif (($header_num < 8192));then         let s_4k_8k++         echo "vaynedu_4k_8k $header_num" >> http_header.log     else         let s_8k++         echo "vaynedu_8k    $header_num" >> http_header.log     fi       let idx++  done    >count_result.txt  echo "http header size:"  >> count_result.txt  echo "[0, 512) : $s_512" >> count_result.txt  echo "(512,1k] : $s_512_1k" >> count_result.txt  echo "(1k, 2k] : $s_1k_2k"  >> count_result.txt  echo "(2k, 4k] : $s_2k_4k"  >> count_result.txt  echo "(4k, 8k] : $s_4k_8k"  >> count_result.txt  echo "(8k, ++] : $s_8k"  >> count_result.txt  

注意注意^M是特殊字符是特殊字符

抓取1w个http请求，并且将这些头部保存下来，统计1w请求http头部大小在哪个区间，下面效果展示

原文出处：csdn -> https://blog.csdn.net/lotluck/article/details/79797117