Capturing traffic with tcpdump on a Linux CentOS 5.7 machine running Apache httpd and analyzing in Wireshark. The IE browser user-agent is sometimes captured fine in both the http log and the network traffic captured http get request. And sometimes only in the http log. However, the BlackBerry 7 (9810 Torch) browser 'user-agent' string is captured in the http log, but is never in the network traffic captured http get request.

Why is the 'user-agent' not in the http get request network traffic capture?

Thanks

HTTP Log Entry:

n.n.n.n - - [02/Mar/2012:19:00:20 -0800] "GET /bbua.html HTTP/1.1" 200 467 "" "Mozilla/5.0 (BlackBerry; U; BlackBerry 9810; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.261 Mobile Safari/534.11+"

n.n.n.n - - [02/Mar/2012:19:37:07 -0800] "GET /bbua.html HTTP/1.1" 200 467 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.1.4322; InfoPath.3; MS-RTC LM 8; .NET4.0C; .NET4.0E)"

Network Traffic HTTP Get Capture:

GET /bbua.html HTTP/1.1
Accept-Language:

asked 02 Mar '12, 19:48 NOYB
edited 03 Mar '12, 08:30 SYN-bit ♦♦
One Answer:
Never mind. I figured it out about 30 seconds after hitting the submit button.

tcpdump -s options (packet truncation).

answered 03 Mar '12, 08:30 SYN-bit ♦♦
The proper way to answer your own question is to do exactly that :-)
I'll edit your question and put your own answer in an answer for you, so people can learn from your experience too...
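The truncation named in the answer can be confirmed from the capture file itself, because every pcap record stores both the captured length and the on-wire length. The following is an added example, not code from the original posters: `build_pcap`, `audit_pcap`, the 96-byte snap length and the sample frame are constructed for illustration.

```python
import struct

def build_pcap(snaplen, frames):
    """Build a classic little-endian pcap, cutting each frame at snaplen bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for frame in frames:
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 0, 0, len(kept), len(frame)) + kept
    return out

def audit_pcap(data, needle=b"User-Agent:"):
    """Return (snaplen, rows); row = (index, captured, on_wire, truncated, needle_seen)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    rows, offset = [], 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len (captured), orig_len (on wire)
        incl_len, orig_len = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        payload = data[offset + 16:offset + 16 + incl_len]
        if len(payload) < incl_len:
            raise ValueError("capture file ends inside a packet record")
        rows.append((len(rows) + 1, incl_len, orig_len,
                     incl_len < orig_len, needle in payload))
        offset += 16 + incl_len
    return snaplen, rows

# Constructed sample: 54 zero bytes stand in for Ethernet/IPv4/TCP headers,
# followed by a request shaped like the one in the question.
SAMPLE_FRAME = bytes(54) + (
    b"GET /bbua.html HTTP/1.1\r\n"
    b"Accept-Language: en-US\r\n"
    b"User-Agent: Mozilla/5.0 (BlackBerry; U; BlackBerry 9810; en-US)\r\n"
    b"Host: example.test\r\n\r\n")

if __name__ == "__main__":
    for snaplen in (96, 65535):  # 96 is an assumed small snap length
        limit, rows = audit_pcap(build_pcap(snaplen, [SAMPLE_FRAME]))
        for idx, cap, wire, cut, seen in rows:
            print(f"snaplen={limit} pkt={idx} captured={cap}/{wire} "
                  f"truncated={cut} user_agent_seen={seen}")
```

Wireshark shows the same condition per packet in the Frame details, where the bytes captured are fewer than the bytes on wire.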