tcpdump -A -i wlan0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]

1.  tcpdump -A -i wlan0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
2. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
3. listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
4. 23:18:22.056142 IP 192.168.0.150.48332 > static.88-198-16-186.clients.your-server.de.www: Flags [P.], seq 1535642909:1535643390, ack 439153789, win 229, options [nop,nop,TS val 23715879 ecr 355843572], length 481
5. ..,.}...........X......P[.
6. .i.'.5..GET /main.php HTTP/1.1
7. Host: xn----htbjeegjcrba7f8c2c.xn--p1ai
8. Connection: keep-alive
9. Cache-Control: max-age=0
10. User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30
11. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
12. Accept-Encoding: gzip,deflate,sdch
13. Accept-Language: en-US,en;q=0.8
14. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
15. Cookie: SN4de5f11a97506=15b2832242449e8d73fa72f668861a82
16.  
17.  
18. 23:18:22.227783 IP static.88-198-16-186.clients.your-server.de.www > 192.168.0.150.48332: Flags [P.], seq 1:558, ack 481, win 54, options [nop,nop,TS val 355843741 ecr 23715879], length 557
19. E .aJ.@.8...X........P...,.}[......6.......
20. .5...i.'HTTP/1.1 200 OK
21. Date: Wed, 06 Jul 2011 19:18:23 GMT
22. Server: Apache/1.3.42 (Unix) mod_gzip/1.3.26.1a mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 DAV/1.0.3 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
23. Cache-Control: private, must-revalidate
24. P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
25. X-Powered-By: PHP/5.2.17
26. Set-Cookie: SN4de5f11a97506=15b2832242449e8d73fa72f668861a82; path=/
27. Keep-Alive: timeout=5, max=100
28. Connection: Keep-Alive
29. Transfer-Encoding: chunked
30. Content-Type: text/html; charset=UTF-8
31.  
32. 2  
33. 35
34. 0
35.  
36.  
37. 23:18:22.345612 IP 192.168.0.150.48332 > static.88-198-16-186.clients.your-server.de.www: Flags [P.], seq 481:879, ack 558, win 246, options [nop,nop,TS val 23715952 ecr 355843741], length 398
38. E.....@.@.!\....X......P[....,....... .....
39. .i.p.5..GET /favicon.ico HTTP/1.1
40. Host: xn----htbjeegjcrba7f8c2c.xn--p1ai
41. Connection: keep-alive
42. Accept: */*
43. User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30
44. Accept-Encoding: gzip,deflate,sdch
45. Accept-Language: en-US,en;q=0.8
46. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
47. Cookie: SN4de5f11a97506=15b2832242449e8d73fa72f668861a82
48.  
49.  
50. 23:18:22.517239 IP static.88-198-16-186.clients.your-server.de.www > 192.168.0.150.48332: Flags [P.], seq 558:1121, ack 879, win 62, options [nop,nop,TS val 355844030 ecr 23715952], length 563
51. E .gJ.@.8...X........P...,..[......>.y.....
52. .5...i.pHTTP/1.1 404 Not Found
53. Date: Wed, 06 Jul 2011 19:18:23 GMT
54. Server: Apache/1.3.42 (Unix) mod_gzip/1.3.26.1a mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 DAV/1.0.3 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
55. Cache-Control: private, must-revalidate
56. P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
57. X-Powered-By: PHP/5.2.17
58. Set-Cookie: SN4de5f11a97506=15b2832242449e8d73fa72f668861a82; path=/
59. Keep-Alive: timeout=5, max=98
60. Connection: Keep-Alive
61. Transfer-Encoding: chunked
62. Content-Type: text/html; charset=UTF-8