Using tcpdump to Spy on Webservers

I recently had to debug an error where data that should have been returned through a server-to-server call did not arrive correctly. Both servers - in development mode at least - were running on my local machine. Since I would otherwise have had to hack either an external dependency or the sending server to find out what was actually being sent between them, I realized this was a great time to use the tcpdump tool.

As always when I need to remember something about one of the Unix tools I use too seldom, I googled for "Julia Evans", found her blog, and found a post about exactly what I had to do.

I had an OAuth server running on port 3000, which was supposed to send some data on a route to my consumer app running on port 3001. For some reason the published gem (yes, we are in Ruby here) referenced data that was always nil.

I started tcpdump like so (-A prints each packet's payload as ASCII, so the HTTP headers and body are readable; -i any captures on every interface, which is needed when both ends are on localhost):

sudo tcpdump -A port 3000 -i any

and went through the OAuth login process. Sure enough, I soon found the answer.

The data was in JSON:API format, while the client expected a raw JSON object, so every key it looked up was missing and came back nil. Quickly fixing the client gem to handle the new format, bumping the version, and releasing it took less time than finding the bug with puts statements would have.
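To make the mismatch concrete, here is an added Ruby example (not the gem or capture from this post): it takes a constructed snippet of what tcpdump -A shows for the response, pulls out the HTTP body, and contrasts the naive flat-JSON lookup that yields nil with an unwrap of the JSON:API envelope (data -> attributes) that also still accepts a flat object.

```ruby
require 'json'

# Constructed sample of what `tcpdump -A port 3000` prints for the
# server-to-server response: the packet summary line, a few bytes of binary
# header rendered as ASCII, then the raw HTTP response. Not a real capture.
CAPTURED = <<~DUMP
  12:00:01.000000 IP localhost.3000 > localhost.51234: Flags [P.], seq 1:172, ack 1, win 512, length 171
  E..;..@.@...........
  HTTP/1.1 200 OK
  Content-Type: application/vnd.api+json
  Content-Length: 90

  {"data":{"id":"42","type":"users","attributes":{"email":"dev@example.test","name":"Dev"}}}
DUMP

# Extract the HTTP body from the ASCII dump: everything after the first blank
# line that follows the status line (headers end at the blank line).
def http_body(dump)
  lines = dump.lines.map(&:chomp)
  start = lines.index { |l| l.start_with?('HTTP/') }
  return nil unless start
  blank = lines[start..].index('')
  return nil unless blank
  lines[(start + blank + 1)..].join("\n").strip
end

# Header lookup; the vnd.api+json media type is the tell that the server
# speaks JSON:API rather than plain JSON.
def content_type(dump)
  dump[/^Content-Type:\s*(.+)$/i, 1]&.strip
end

# What the broken client did: treat the body as a flat object. With a JSON:API
# document the keys live under data.attributes, so this returns nil.
def naive_email(body)
  JSON.parse(body)['email']
end

# Fixed behaviour: unwrap the JSON:API envelope into a flat hash, and pass a
# flat object through untouched so older servers keep working.
def user_attributes(body)
  doc = JSON.parse(body)
  data = doc['data']
  return doc unless data.is_a?(Hash) && data.key?('attributes')
  data['attributes'].merge('id' => data['id'], 'type' => data['type'])
end
```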

So the next time you find yourself wondering what a given service sends or receives over TCP, try out tcpdump - or visit Julia Evans' blog for more tools you need to learn about.