Friday, October 12, 2012

TCPMon

Download tcpmon-1.0-bin.zip and extract it anywhere. Double-click C:\anywhere\tcpmon-1.0-bin\build\tcpmon.bat, which launches a background console and a Java GUI.

We want to observe the traffic between a browser and a website such as http://server.com:8080/app/page.jsp, so we run tcpmon on the same box as the browser; port 8123 happens to be free on that box. We point the browser at the tcpmon box on port 8123 and tell tcpmon to forward that traffic on to server.com:8080.

On the tcpmon admin tab:

Listen Port #: 8123
Act as a...
 Listener
  Target Hostname: server.com
  Target Port #: 8080
Add

This creates a new tab named Port 8123. Switch to that tab, then hit http://localhost:8123/app/page.jsp in your browser. You should see the page from http://server.com:8080/app/page.jsp, and tcpmon should report the traffic.

Be careful. It looks like each row at the top of the tcpmon GUI corresponds to a client-server message pair at the bottom of tcpmon GUI, like this:

client sends

POST /app/process.jsp HTTP/1.1
Host: server.com:8123
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost:8123/app/page.jsp
Content-Type: application/x-www-form-urlencoded
Content-Length: 6521

name1=value1&name2=value2&...

server replies

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Fri, 12 Oct 2012 14:58:56 GMT

2000
<html>...

But that's not the case. Each row at the top of the tcpmon GUI may in fact contain several client-server message pairs.
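
With `Connection: keep-alive` the browser can reuse one TCP connection for several requests, so the bytes shown for one row have to be re-framed per message before you can read them as pairs. The following is an added example, not part of the original post or of tcpmon: it splits one direction of a connection's bytes into individual HTTP/1.1 messages. The function names and the sample streams are constructed, and it assumes every message is framed by Content-Length or chunked encoding.

```python
# Added example: split one connection's captured bytes into HTTP/1.1 messages.
def _chunked_end(buf, pos):
    """Return the offset just past a chunked body that starts at pos."""
    while True:
        eol = buf.index(b"\r\n", pos)
        size = int(buf[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            while True:  # skip optional trailers up to the blank line
                eol = buf.index(b"\r\n", pos)
                blank = eol == pos
                pos = eol + 2
                if blank:
                    return pos
        pos += size + 2  # chunk data plus its trailing CRLF

def split_http_messages(stream):
    """Split one direction of a connection into (start_line, headers, raw_body)."""
    messages, pos = [], 0
    while pos < len(stream):
        head_end = stream.index(b"\r\n\r\n", pos)  # ValueError if headers are cut off
        lines = stream[pos:head_end].decode("iso-8859-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        if "chunked" in headers.get("transfer-encoding", "").lower():
            body_end = _chunked_end(stream, body_start)  # body keeps its chunk framing
        else:
            body_end = body_start + int(headers.get("content-length", "0"))
        if body_end > len(stream):
            raise ValueError("truncated message")
        messages.append((lines[0], headers, stream[body_start:body_end]))
        pos = body_end
    return messages

# Constructed sample: the two directions of a single keep-alive connection.
CLIENT = (
    b"POST /app/process.jsp HTTP/1.1\r\nHost: localhost:8123\r\n"
    b"Content-Length: 12\r\n\r\nname1=value1"
    b"GET /app/page.jsp HTTP/1.1\r\nHost: localhost:8123\r\n\r\n"
)
SERVER = (
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n6\r\n<html>\r\n0\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
)
if __name__ == "__main__":
    for req, resp in zip(split_http_messages(CLIENT), split_http_messages(SERVER)):
        print(req[0], "->", resp[0])
```

Responses that are delimited only by the server closing the connection, and bodiless responses such as those to HEAD, are outside what this splitter handles.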
