Getting HTTP traffic details from tcpdump

Yestarday i had one issue to verify where i had to make sure that our backend part is sending POST requests with id's to third party server.  Server didn't have GUI , so i couldn't use Wireshark for that ( or could, but just don't know how:) ) and i googled for possible solutions.  So, here're two possible ways that could help you out in such case :
1) Basic one is simply run
 tcpdump -w output.log
and then download this file on your computer, open it in Wireshark and analize with it

2) Or you could try to analyze it in console with this commands :) :
# tcpdump filter for HTTP GET 
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

# tcpdump filter for HTTP POST
sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'

# monitor HTTP traffic including request and response headers and message body
# cf. https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2 data-blogger-escaped--="" data-blogger-escaped-tcp="" data-blogger-escaped-xf0="">>2)) != 0)'
tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2 data-blogger-escaped--="" data-blogger-escaped-tcp="" data-blogger-escaped-xf0="">>2)) != 0)'

2) But the easiest and way more better looking option is to use Chaosreader . The script is called chaosreader0.94. See here for more details.  So, you just need to :

  1. Run this

  2.  tcpdump host 93.23.40.50 -s 9000 -w outputfile; perl chaosreader0.94 outputfile
  3. You can use both IP address of the server or it's direct http url
  4. Generate traffic
  5. Hit Ctrl+C and look for resuls in html file that chaosreader0.94 will generate for us.