如何直接监控传入网络请求的路径？

Question

我使用nginx和php 7.2运行ubuntu服务器18.04。

我在同一台服务器上有多个域名。

如何仅使用终端监视服务器上所有网站上的传入流量。

我想把它实时列出如下：

http://example.com/path-1/
http://example.com/path-2/
http://example.com/path-3/

我在这个网站上尝试过许多可用的答案，但是没有一个达到目的。

请注意，我不想读取nginx或任何日志，我想监测实时传入流量请。

谢谢。

Answer 1

这些要求使这件事很难进行。一个粗略的解决方案是使用tcpdump (或者wireshark，如果首选)直接检查网络流量：

$ sudo tcpdump -n -tttt -i br0 port 80 -A | grep -A 1 GET

其中br0是我的接口名(一个桥)。我不托管该测试服务器上的多个站点，而是通过它的名称(s15)和ip地址(192.168.111.112)进行测试。实际的网页只是默认的apache网页：

doug@s15:~$ sudo tcpdump -n -tttt -i br0 port 80 -A | grep -A 1 GET
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-02-16 09:11:56.885246 IP 192.168.111.101.62720 > 192.168.111.112.80: Flags [P.], seq 1:481, ack 1, win 1026, length 480: HTTP: GET / HTTP/1.1
E...<.@...[...oe..op...P....J..)P.......GET / HTTP/1.1
Host: 192.168.111.112
--
2020-02-16 09:11:56.997078 IP 192.168.111.101.62720 > 192.168.111.112.80: Flags [P.], seq 481:920, ack 3526, win 1026, length 439: HTTP: GET /icons/ubuntu-logo.png HTTP/1.1
E...<.@...\...oe..op...P....J.$.P...._..GET /icons/ubuntu-logo.png HTTP/1.1
Host: 192.168.111.112
--
2020-02-16 09:12:25.021292 IP 192.168.111.101.62726 > 192.168.111.112.80: Flags [P.], seq 1:469, ack 1, win 8212, length 468: HTTP: GET / HTTP/1.1
E...<.@...[...oe..op...PC.1..L.CP. .H...GET / HTTP/1.1
Host: s15

您刚才提到您不想查看日志，但这要容易得多：

doug@s15:~$ tail /var/log/apache2/access.log
192.168.111.101 - - [16/Feb/2020:09:05:05 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://s15/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:20 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:21 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:21 -0800] "GET /favicon.ico HTTP/1.1" 404 493 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:06:15 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:06:15 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:11:56 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:11:56 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:12:25 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:12:25 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://s15/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

当然，过滤tcpdump输出的简单GET字符串很容易对返回的内容中的该字符串触发错误。