
Drill: HTTP Debugging with curl

Goal

Use curl with verbose flags, custom resolution, and connection overrides to debug HTTP/HTTPS issues.

Setup

  • Linux system with curl installed
  • A target HTTP service to test

Commands

Verbose output showing headers and TLS handshake:

curl -v https://example.com 2>&1 | head -40

Show only response headers:

curl -I https://example.com

Show timing breakdown:

curl -w "dns: %{time_namelookup}s\nconnect: %{time_connect}s\ntls: %{time_appconnect}s\nfirstbyte: %{time_starttransfer}s\ntotal: %{time_total}s\n" -o /dev/null -s https://example.com

Override DNS resolution (test before DNS change):

curl --resolve example.com:443:93.184.216.34 https://example.com

Connect to a different backend (useful for testing behind a load balancer):

curl --connect-to example.com:443:backend1.internal:443 https://example.com

Send a request with custom headers:

curl -H "Host: myapp.example.com" -H "X-Request-ID: test-123" http://10.0.0.5:8080/health

Follow redirects and show the chain:

curl -v -L https://example.com 2>&1 | grep -iE '< HTTP|< Location'

Test with specific TLS version:

curl --tlsv1.2 --tls-max 1.2 -v https://example.com 2>&1 | grep -i tls

What to Look For

  • time_namelookup much larger than 0 may indicate DNS issues
  • Gap between time_connect and time_appconnect shows TLS handshake overhead
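  • time_starttransfer minus time_appconnect approximates server processing time (it also includes sending the request and one network round trip); for plain HTTP, where time_appconnect is 0, subtract time_connect instead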
  • Response codes, redirect chains, and header values for debugging routing
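
The timers printed by -w are cumulative, so the phases listed above have to be computed by subtraction. The script below is an added example, not part of the original drill: it turns one line of timers into per-phase milliseconds and handles the plain-HTTP case where time_appconnect is 0. The function names phase_breakdown and curl_phases are hypothetical, and the sample timer values are constructed.

```sh
# Added example: convert curl's cumulative -w timers into per-phase durations.
# Function names and sample values are illustrative, not from the drill.

# One space-separated line of cumulative timers (seconds since transfer start).
CURL_FMT='%{time_namelookup} %{time_connect} %{time_appconnect} %{time_starttransfer} %{time_total}\n'

# phase_breakdown NAMELOOKUP CONNECT APPCONNECT STARTTRANSFER TOTAL
# Prints each phase in milliseconds on one line.
phase_breakdown() {
  awk -v dns="$1" -v conn="$2" -v app="$3" -v first="$4" -v total="$5" 'BEGIN {
    # time_appconnect stays 0 on plain HTTP: there is no TLS phase, so the
    # wait for the first byte is measured from time_connect instead.
    has_tls = (app + 0 > 0)
    tls  = has_tls ? app - conn : 0
    base = has_tls ? app : conn
    # "wait" covers request send, one round trip and server processing.
    printf "dns=%.0f tcp=%.0f tls=%.0f wait=%.0f download=%.0f\n",
      dns * 1000, (conn - dns) * 1000, tls * 1000,
      (first - base) * 1000, (total - first) * 1000
  }'
}

# curl_phases URL [extra curl options...]
# Live wrapper, e.g.: curl_phases https://example.com --resolve example.com:443:93.184.216.34
curl_phases() {
  # Unquoted on purpose: the five timers must split into five arguments.
  phase_breakdown $(curl -s -o /dev/null -w "$CURL_FMT" "$@")
}

# Constructed samples so the breakdown can be checked offline.
SAMPLE_HTTPS='0.012 0.031 0.152 0.410 0.455'
SAMPLE_HTTP='0.004 0.009 0.000000 0.030 0.031'
phase_breakdown $SAMPLE_HTTPS
phase_breakdown $SAMPLE_HTTP
```

Running curl_phases once normally and once with --resolve or --connect-to pointed at a single backend shows which phase differs between the two paths.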

Common Mistakes

  • Forgetting that -v output goes to stderr (use 2>&1 to capture it)
  • Not using --resolve to test against specific backends before DNS changes
  • Ignoring the difference between -I (HEAD) and -v (GET with verbose)
  • Not checking certificate details in verbose TLS output for cert mismatches

Cleanup

No cleanup needed. curl is a client-side tool with no server-side effects (for GET/HEAD).