Wireshark mailing list archives

Re: The best method to extract the subset of HTTP fields from the live traffic

From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 6 Jan 2016 12:51:24 -0500

On Wed, Jan 6, 2016 at 11:01 AM, Vitaly Repin <vitaly.repin () gmail com>
wrote:

Hello,

I am trying to extract specififc subset of HTTP fields from the live
stream and I need wireshark experts' advices on the best way to do
this.

It looks like the following options exist:

1) Output packets in pdml format. Extract the fields I need from the
output data.

2) Use lua scripting to extract the data using the lua functions


How many fields are you talking about?

Have you checked out the "-T fields" option to tshark?  For example tshark
-T fields -e http.<field1> -e http.<field2>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

The best method to extract the subset of HTTP fields from the live traffic Vitaly Repin (Jan 06)
- Re: The best method to extract the subset of HTTP fields from the live traffic Jeff Morriss (Jan 06)
- Re: The best method to extract the subset of HTTP fields from the live traffic Abhik Sarkar (Jan 06)