[linux] Netstat won't display full foreign URLs *Solved*

"Please leave a message at the beep, we will get back to you when your support contract expires."

Moderators: phlip, Moderators General, Prelates

User avatar
PatchMonster
Posts: 91
Joined: Thu Aug 07, 2008 4:01 pm UTC
Location: Maryland, USA
Contact:

[linux] Netstat won't display full foreign URLs *Solved*

Postby PatchMonster » Fri Mar 13, 2009 6:48 pm UTC

I need to get the full foreign URL in a TCP connection, and netstat only displays an abridged version of it.

Example:

Code: Select all

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        1      1 PatchMonster.loca:44726 musicservices.myspa:www LAST_ACK   
tcp        0      0 PatchMonster.loca:44731 musicservices.myspa:www ESTABLISHED
tcp        1      1 PatchMonster.loca:44625 google.navigation.o:www LAST_ACK   
tcp        0      0 PatchMonster.loca:59033 a204-245-162-33.dep:www ESTABLISHED
tcp        1      1 PatchMonster.loca:46407 216.178.33.50:www       LAST_ACK   
tcp        0      0 PatchMonster.loca:44730 musicservices.myspa:www ESTABLISHED
tcp        0      0 PatchMonster.loca:44725 musicservices.myspa:www ESTABLISHED
tcp        1      1 PatchMonster.loca:56488 208.71.122.23:www       LAST_ACK   
tcp        0      0 PatchMonster.loca:44724 musicservices.myspa:www ESTABLISHED
tcp        1      1 PatchMonster.loca:56488 208.71.122.23:www       LAST_ACK   
tcp        0      0 PatchMonster.loca:44724 musicservices.myspa:www ESTABLISHED



I've read the manual on netstat, but I couldn't manage to find an option to display the full foreign URL. Is there any other way you might suggest getting this URL? Or is there something I missed in the man? I need to use netstat because the connection is made through a flash swf.

Thanks in advance :P
Last edited by PatchMonster on Sat Mar 14, 2009 7:47 am UTC, edited 1 time in total.
The liberal media has a hidden agenda!

User avatar
hotaru
Posts: 1045
Joined: Fri Apr 13, 2007 6:54 pm UTC

Re: [linux] Netstat won't display full foreign URLs

Postby hotaru » Fri Mar 13, 2009 7:21 pm UTC

PatchMonster wrote:I need to get the full foreign URL in a TCP connection, and netstat only displays an abridged version of it.

netstat just lists the connections, it doesn't look at the data going over those connections.

PatchMonster wrote:Is there any other way you might suggest getting this URL?

tcpdump should work.

Code: Select all

factorial product enumFromTo 1
isPrime n 
factorial (1) `mod== 1

User avatar
PatchMonster
Posts: 91
Joined: Thu Aug 07, 2008 4:01 pm UTC
Location: Maryland, USA
Contact:

Re: [linux] Netstat won't display full foreign URLs

Postby PatchMonster » Sat Mar 14, 2009 4:07 am UTC

Thanks for the suggestion, I tried tinkering around with TCPDump and couldn't get what I needed, however. Would there be any hope of discovering what values were sent in the original URL? The domain doesn't help much; I'm trying to figure out how the swf generates the URLs to where files are stored. I know very little about flash, but perhaps I could decompile it.
The liberal media has a hidden agenda!

User avatar
phlip
Restorer of Worlds
Posts: 7572
Joined: Sat Sep 23, 2006 3:56 am UTC
Location: Australia
Contact:

Re: [linux] Netstat won't display full foreign URLs

Postby phlip » Sat Mar 14, 2009 6:15 am UTC

HTTP connections made by Flash are routed through the browser (so they can take advantage of proxy settings and such). So they usually get picked up by any connection-sniffing tools your browser has. If you're using Firefox, either the Net pane of Firebug, or Live HTTP Headers are quite good.

If you really need to pull it off the wire, then you can capture it with Wireshark (or tcpdump, if you're masochistic). You have to capture the start of the connection, 'cause that's the only place the full URI is. The first message sent to the server on a connection (after the 3-way SYN handshake) will start "GET /some/path/to/wherever HTTP/1.1" - that bit in the middle is the URI. Stick that after the host name (which will appear later in the request headers, on a line starting "Host: ") and away you go.

Code: Select all

enum ಠ_ಠ {°□°╰=1, °Д°╰, ಠ益ಠ╰};
void ┻━┻︵​╰(ಠ_ಠ ⚠) {exit((int)⚠);}
[he/him/his]

User avatar
PatchMonster
Posts: 91
Joined: Thu Aug 07, 2008 4:01 pm UTC
Location: Maryland, USA
Contact:

Re: [linux] Netstat won't display full foreign URLs

Postby PatchMonster » Sat Mar 14, 2009 7:45 am UTC

phlip wrote:HTTP connections made by Flash are routed through the browser (so they can take advantage of proxy settings and such). So they usually get picked up by any connection-sniffing tools your browser has. If you're using Firefox, either the Net pane of Firebug, or Live HTTP Headers are quite good.

If you really need to pull it off the wire, then you can capture it with Wireshark (or tcpdump, if you're masochistic). You have to capture the start of the connection, 'cause that's the only place the full URI is. The first message sent to the server on a connection (after the 3-way SYN handshake) will start "GET /some/path/to/wherever HTTP/1.1" - that bit in the middle is the URI. Stick that after the host name (which will appear later in the request headers, on a line starting "Host: ") and away you go.


Live HTTP Headers did the trick - an invaluable add-on. I was originally making a MySpace music downloader for some fun (yes, impractical), but it turns out the coders did their homework and I get a 403 when I try to access the files. I gave up since that field isn't exactly my expertise and decided to write a program to download and store a ProjectPlaylist playlist, which is much easier and practical. I tracked the requests to an XML file that accepts IDs of playlists that lists all the data sources I need :).

Thank you very much, Philp :D
The liberal media has a hidden agenda!


Return to “The Help Desk”

Who is online

Users browsing this forum: No registered users and 4 guests