tshark http -e options

[Chris Datfung <chris.datfung () gmail com>]

Hi,

I want to use tshark to capture http requests and responses. I have having
difficulty getting POST bodies and the HTML response body to appear. I'm
using the following command:

tshark -R "http.response or http.request" -T fields -E separator="|" -e
frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e
http.request.version -e http.request.method -e http.request -e http.host -e
http.request.uri -e http.user_agent -e http.response.code -e
http.content_type -e http.content_length -e http.location -e http.referer
-e http.response.body

Is there a URL that shows all possible -e flags? Can someone suggest how I
can print a pipe deliminated output of the entire http request and response
pair?

Thanks,
Chris

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe