3

For example, I have a server listening on port 8001. A client program opens a TCP socket, connects to that port and sends some binary data. I want to capture the actual data only, without any TCP/IP headers such as the TCP handshake.

Is that possible with tcpdump?

4 Answers

2

You should run tcpflow.

https://linux.die.net/man/1/tcpflow

$ sudo tcpflow port 8001
dmourati
  • 25,870
1

You can obtain something similar using tcpdump -i any <your_filter> -A. From man tcpdump:

-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.

To obtain a more focused dump (i.e. removing some handshake packets) you can play with the filter rules, for example excluding tcp-syn packets in the filter.

shodanshok
  • 50,565
1

Yes, you can capture only TCP PUSH messages by using the following command:

sudo tcpdump "tcp[tcpflags] & (tcp-push) != 0" 
0

Nope, tcpdump doesn't have a feature to extract the payload (cut off the headers). There also aren't any built-in features for deep analysis of application-layer data. But you can write the traffic to a file and extract the actual data with Wireshark's features.
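The "write the traffic to a file, then pull out the actual data" step can also be done without Wireshark. The following is an added example, not code from any of the answers above: a small Python parser that reads a classic pcap as written by `tcpdump -w`, keeps only the TCP segments on the given port that carry data (so the handshake, bare ACKs and FIN that the question wants to drop never appear), and joins each direction in sequence order. It assumes Ethernet framing, IPv4 and a little-endian pcap; the embedded capture is constructed inline for the demo.

```python
import struct
from collections import defaultdict

def tcp_payloads(pcap, port):
    """Yield (src, dst, seq, payload) for every TCP segment on `port` that carries
    data. Classic little-endian pcap, Ethernet link type, IPv4 only; empty
    segments (SYN, SYN/ACK, bare ACK, FIN) are skipped."""
    off = 24                                        # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]     # incl_len
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                # not IPv4 over Ethernet, or not TCP
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]   # trim pad bytes
        tcp = ip[(ip[0] & 0x0F) * 4:]               # IHL -> start of TCP header
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]          # data offset -> start of payload
        if port in (sport, dport) and payload:
            yield (f"{'.'.join(map(str, ip[12:16]))}:{sport}",
                   f"{'.'.join(map(str, ip[16:20]))}:{dport}", seq, payload)

def reassemble(pcap, port):
    """Join each direction's payloads in sequence order -> {(src, dst): bytes}."""
    streams = defaultdict(list)
    for src, dst, seq, data in tcp_payloads(pcap, port):
        streams[(src, dst)].append((seq, data))
    return {k: b"".join(d for _, d in sorted(v)) for k, v in streams.items()}

def _frame(src, dst, sport, dport, seq, flags, data=b""):
    # Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, flags, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    return bytes(12) + b"\x08\x00" + ip            # zero MACs, EtherType IPv4

def _pcap(frames):
    # Constructed sample capture in the layout `tcpdump -w` produces (LE, DLT_EN10MB).
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    out += [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return b"".join(out)

C, S = bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])          # client, server (constructed)
SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
SAMPLE_PCAP = _pcap([                                       # handshake, data, teardown
    _frame(C, S, 40000, 8001, 100, SYN),
    _frame(S, C, 8001, 40000, 500, SYN | ACK),
    _frame(C, S, 40000, 8001, 101, ACK),
    _frame(C, S, 40000, 8001, 101, PSH | ACK, b"\x01\x02hello"),
    _frame(C, S, 40000, 8001, 108, PSH | ACK, b"\x03world"),
    _frame(S, C, 8001, 40000, 501, PSH | ACK, b"ok"),
    _frame(C, S, 40000, 8001, 114, FIN | ACK),
])
```

Running `reassemble(open("capture.pcap", "rb").read(), 8001)` on a real `tcpdump -w capture.pcap port 8001` file gives one byte string per direction; for the constructed capture above, the client side yields `b"\x01\x02hello\x03world"` and the server side `b"ok"`.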