/usr/sbin/tcpdump is the bulit in packet sniffer. Run this as root. If you want a nicer output, well, I don't know how to do that, but you might find these perl scripts usefull:
--begin sniffer.pl ----
#!/usr/bin/perl
$LIMIT = shift || 5000;
$|=1;
open (STDIN,"/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |");
while (<>) {
if (/^\S/) {
last unless $LIMIT--;
while ($packet=~/(GET|POST|WWW-Authenticate|Authorization).+/g) {
print "$client -> $host\t$&\n";
}
undef $client; undef $host; undef $packet;
($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
if /P \d+:\d+\((\d+)\)/ && $1 > 0;
}
next unless $client && $host;
s/\s+//;
s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
tr/\x1F-\x7E\r\n//cd;
$packet .= $_;
}
end sniffer.pl-----
begin fixup.pl---
#!/usr/bin/perl
use Socket;
use MIME::Base64;
$|=1;
while (<>) {
next unless ($host,$client,$msg) = /(\S+) -> (\S+)\s+(.*)\s+/;
$msg=~s/(Authorization:\s+Basic\s+)(\S+)/$1 . decode_base64($2)/e;
print lookup($host)," -> ",lookup($client),"\t$msg\n";
}
sub lookup {
my $addr = shift;
my $lookup = (gethostbyaddr(inet_aton($addr),AF_INET))[0];
return $lookup || $addr;
}
--end fixup.pl
to use them, ./sniffer.pl | ./fixup.pl. You'll need to add the mime encoding perl thing, too. Perhaps with this information, you could build a nice perl sniffer or something.