HTTP Header Grabber


hdrgrab sniffs HTTP headers off the wire and writes them into files into the current working directory.

Requests and responses are written into separate files, with '-req' and '-res' identifying each type, respectively.

Each file contains the sets of header fields, separated by blank lines.

Note that hdrgrab makes some effort to remove connection (hop-by-hop) headers, but does not case normalise their names, or manipulate their values.

First you'll need Node and its package manager, npm.

Then, hdrgrab can be installed with npm like this:

sudo npm -g install hdrgrab

which will install dependencies automatically.

Under the covers, hdrgrab relies upon node_pcap, optimist, and


Start it up like this:


which will sniff on port 80 and dump headers into the current directory.

hdrgrab 8000

will sniff on port 80.

On some operating systems, you may need to specify the interface to listen on. For example:

hdrgrab 8000 eth0

and in some cases, you may need permission to listen to the device, making the appropriate command line something like:

sudo hdrgrab 8000 eth0

If npm complains about problems with pcap, like this:

npm ERR! Failed at the pcap@0.2.7 install script.

it usually means that it couldn't find libpcap when building. See the instructions here: https://github.com/mranney/node_pcap.

On my OSX machine, I have to build like this (becoming root first):

CXXFLAGS=-I/opt/local/include npm -g install hdrgrab

because my pcap headers are in a non-standard place (thanks to MacPorts). YMMV.

Mark Nottingham mnot@mnot.net