“You need to examine HTTP headers of incoming requests but don’t want to save the dump to a file and use Wireshark”.
TLDR
sudo tcpdump -s 1024 -l -A -n dst port <webserver port> \
and dst host <instance internal ip> | egrep \
--line-buffered "^........(GET |HTTP/|POST |HEAD )|^[A-Za-z0-9-]+: " \
| sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'
Added line breaks for readability.
You may want to try -vs or -vss, but they made no difference for what I needed.
Long version
Command explanation
sudo tcpdump -s 1024 -l -A -n dst port <webserver port> and dst host <instance internal ip>
TBD
| egrep --line-buffered "^........(GET |HTTP/|POST |HEAD )|^[A-Za-z0-9-]+: "
TBD
| sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'
TBD
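The filter stages above, run over constructed `tcpdump -A` output so their effect can be checked offline; this is an added example, not code from the original post. The function names and sample packet are hypothetical, GNU grep and sed are assumed, and the `redact_secrets` stage is an addition beyond the original pipeline, since the header pattern also prints `Authorization` and `Cookie` values to the terminal.

```shell
#!/usr/bin/env bash
# Added example: the page's egrep/sed stages applied to constructed input.

# Constructed stand-in for `tcpdump -A -n` output. With TCP timestamps enabled,
# the option's length byte (0x0a) is printed as a line break and the 8 timestamp
# bytes after it land just before the payload; that is what "........" skips.
sample_capture() {
  cat <<'EOF'
12:00:01.000001 IP 203.0.113.7.51234 > 10.0.0.5.8080: Flags [P.], seq 1:120, ack 1, win 502, options [nop,nop,TS val 1 ecr 2], length 119
E...1.@.@...........Q...P.c.....P.......
.0.a..#.GET /login HTTP/1.1
Host: app.internal.example
Authorization: Bearer CONSTRUCTED-TOKEN
Cookie: session=CONSTRUCTED

12:00:01.000200 IP 203.0.113.7.51234 > 10.0.0.5.8080: Flags [.], ack 1, win 502, length 0
E..4..@.@...........
EOF
}

# Same two stages as the one-liner (grep -E is the modern spelling of egrep):
# keep request/status lines and "Name: value" header lines, then strip the
# 8 leading bytes and start each request on a fresh line.
http_headers() {
  grep -E --line-buffered '^........(GET |HTTP/|POST |HEAD )|^[A-Za-z0-9-]+: ' |
    sed -E 's/^........(GET |HTTP\/|POST |HEAD )/\n\1/g'
}

# Added stage (not in the original): mask credential-bearing header values
# before they reach the terminal, scrollback or a shared log.
redact_secrets() {
  sed -E 's/^(Authorization|Proxy-Authorization|Cookie|Set-Cookie): .*/\1: [REDACTED]/I'
}

sample_capture | http_headers | redact_secrets
```

On a live capture the same stages attach to the tcpdump command in place of `sample_capture`; body lines that happen to look like `Name: value` will also pass the header pattern.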