I have a lot of these API calls, but I want to know the whole URL.


Unfortunately, this is technically impossible. Your clients only query the host name and never tell the DNS server the full URL.

You can also see this as a security feature - why should you tell e.g. your ISP’s or Google’s DNS servers the full path of what you are visiting?
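
As an added illustration of the point above (not part of the original thread): this sketch builds the DNS query a client would send before fetching a URL and parses it the way a DNS server would, showing that only the host name is on the wire. The sample URL and all function names are constructed for this example.

```python
import struct
from urllib.parse import urlsplit

SAMPLE_URL = "https://api.example.com/v1/devices/42/status?token=abc123"  # constructed

def build_dns_query(url, txid=0x1234, qtype=1):
    """Build the RFC 1035 query a stub resolver sends before fetching `url`."""
    host = urlsplit(url).hostname          # only the host part is ever resolved
    if not host:
        raise ValueError("URL has no host name")
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in host.encode("idna").split(b"."):
        if not 0 < len(label) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes")
        qname += bytes([len(label)]) + label
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def parse_question(packet):
    """Return (name, qtype) as a DNS server such as Pi-hole would read them."""
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12                   # question starts after 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype

def visible_to_dns(url):
    """Return (queried name, qtype, URL parts found in the raw packet)."""
    packet = build_dns_query(url)
    name, qtype = parse_question(packet)
    parts = urlsplit(url)
    leaked = [p for p in (parts.path, parts.query) if p and p.encode() in packet]
    return name, qtype, leaked

if __name__ == "__main__":
    name, qtype, leaked = visible_to_dns(SAMPLE_URL)
    print("name seen by DNS server:", name)
    print("path/query bytes present in packet:", leaked or "none")
```
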


If you want to catch just a few URLs, use Wireshark (and, if you don’t want to patch the topology, an ARP spoofer) with the filter “http” to catch HTTP requests, which contain the requested URL.


When I have the time I will try to figure out how Wireshark works.


Just make sure that the traffic goes over your PC. When you want to sniff your smartphone, open a hotspot or use a hub instead of a switch.


I want to sniff a Raspberry Pi connected to Ethernet.
And I’m using a Mac with Wireshark. Can you explain to me how to do that?


What do you want to sniff? Just the traffic between your Mac and the Pi would be better/easier to realize than sniffing the whole traffic.

If you want to sniff the whole traffic, you need to be the man in the middle (you need to be a switch or catch traffic from a switch, router, et cetera). The FritzBox offers sniffing at its ports, for example.
If you try to be the man in the middle via ARP spoofing, you need to deactivate the security software of your PCs because they would really fuck up :wink:

Just the traffic between your Pi and your Mac: Open Wireshark and start sniffing at your network interface card. Set as filter “ip.addr==ADDRESS-OF-YOUR-PI” and confirm with Enter.


I want to sniff the traffic between my pi and


OK, so if the Pi calls, the request passes your router. Maybe your router offers a function to sniff. Otherwise you need to use Cain & Abel, for example, to tell the Pi “Hey, I am the router” and the router “Hey, I am the Pi” so that the traffic is routed over your Mac.

Maybe look here:

At 01:50 your router must be on the left side and your Pi on the right side; then activate the nuker (radioactive symbol).
At 02:13 the traffic is fully routed. Then you can start sniffing with Wireshark.
You just need to go until 02:15. After that it is just focused on sniffing passwords.


@DL6ER is correct here, but if you’re curious, /var/log/lighttpd/access.log can show the URL but only for blocked domains.


