On Fri, Sep 19, 2008 at 10:47 AM, Sheahan, John
<John.Sheahan@xxxxxxxxxxxxx> wrote:
Hi guys....no one answered my last post regarding this
topic so I'm posting it again.
I am new to the list and have used the Wireshark
gui a lot in the past. I am in need of writing a script to look at some live http
headers and was thinking that if I were to use the command line version of
wireshark running on a linux server, that I would somehow be able to write some
either Perl or Ruby code to look at packets live and make some logical
decisions based on the contents of the headers.
I am trying to get some advice if I can use the
wireshark program itself from a linux server to parse the headers with a script
or do I need to use tcpdump somehow ?
Can anyone please point
me in the right direction?
In a simplistic manner I think you're asking about using tcpdump or tshark like:
tshark -f <capture filter> -R <display filter> ... | grep <any additional filters> | perl_program_for_post_analysis
For example:
tshark -R 'http.request.method == "GET"' | perl -ne 'print $i++, "\n"'
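A fuller version of that pipeline, as an added example (not code from the thread or from the Wireshark project): tshark emits one tab-separated line of header fields per HTTP request, and a Ruby script reads them line by line and decides which requests to flag. The allowed methods, the per-client threshold and the sample lines are assumptions constructed for the example.

```ruby
# Added example, not code from the thread: read the per-request fields that
# tshark prints and make simple decisions on them (policy values are assumed).
# Pipe it in like this (-l line-buffers so each packet arrives immediately;
# the thread's tshark took the display filter via -R, current versions use -Y):
#   tshark -l -Y 'http.request' -T fields -E separator=/t -e ip.src \
#     -e http.request.method -e http.host -e http.request.uri \
#     -e http.user_agent | ruby http_watch.rb -
require 'stringio'
ALLOWED_METHODS = %w[GET POST HEAD].freeze   # assumed policy
MAX_REQUESTS_PER_CLIENT = 3                   # assumed threshold
# One tshark "-T fields" line -> hash; a field with no value comes back as "".
def parse_fields(line)
  src, meth, host, uri, ua = line.chomp.split("\t", -1)
  { src: src.to_s, meth: meth.to_s, host: host.to_s, uri: uri.to_s, ua: ua.to_s }
end

# Reasons to flag one request; empty array when it looks ordinary.
def classify(req, counts)
  counts[req[:src]] += 1
  reasons = []
  reasons << "unusual method #{req[:meth]}" unless ALLOWED_METHODS.include?(req[:meth])
  reasons << "missing Host header" if req[:host].empty?
  reasons << "empty User-Agent" if req[:ua].empty?
  reasons << "over #{MAX_REQUESTS_PER_CLIENT} requests" if counts[req[:src]] > MAX_REQUESTS_PER_CLIENT
  reasons
end

# Decision loop over any line source; returns [src, method, host, uri, reasons] per alert.
def watch(io)
  counts = Hash.new(0)
  alerts = []
  io.each_line do |line|
    next if line.strip.empty?
    req = parse_fields(line)
    reasons = classify(req, counts)
    alerts << [req[:src], req[:meth], req[:host], req[:uri], reasons] unless reasons.empty?
  end
  alerts
end
# Constructed sample of tshark field output (tab separated), used when no "-" is given.
SAMPLE = [
  "10.0.0.5\tGET\texample.com\t/index.html\tMozilla/5.0",
  "10.0.0.5\tGET\texample.com\t/a.css\tMozilla/5.0",
  "10.0.0.9\tPUT\t\t/upload\t",
  "10.0.0.5\tGET\texample.com\t/b.js\tMozilla/5.0",
  "10.0.0.5\tGET\texample.com\t/c.png\tMozilla/5.0",
].join("\n") + "\n"
if __FILE__ == $0
  io = ARGV.first == "-" ? $stdin : StringIO.new(SAMPLE)
  watch(io).each { |src, m, host, uri, why| puts "#{src} #{m} #{host}#{uri}: #{why.join(', ')}" }
end
```

Run without arguments it processes the embedded sample; with `-` it reads the live tshark output from stdin.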