exactly....thank you.
I wasn't sure if this was possible from the command line....
using it this way, all the development should be in PERL/Ruby.
You're the best!
john

On Fri, Sep 19, 2008 at 10:47 AM, Sheahan, John <John.Sheahan@xxxxxxxxxxxxx> wrote:

Hi guys....no one answered my last post regarding this topic so I'm posting it again.

I am new to the list and have used the Wireshark GUI a lot in the past. I am in need of writing a script to look at some live HTTP headers and was thinking that if I were to use the command line version of Wireshark running on a Linux server, I would somehow be able to write some Perl or Ruby code to look at packets live and make some logical decisions based on the contents of the headers.

I am trying to get some advice on whether I can use the Wireshark program itself from a Linux server to parse the headers with a script, or do I need to use tcpdump somehow?

Can anyone please point me in the right direction?

In a simplistic manner I think you're asking about using tcpdump or tshark like:

    tshark -f <capture filter> -R <display filter> ... | grep <any additional filters> | perl_program_for_post_analysis

For example:

    tshark -R 'http.request.method == "GET"' | perl -ne 'print $i++, "\n"'
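
One way to write the post-analysis stage of the pipeline suggested above, as an added Ruby example that is not code from the thread. It assumes tshark emits one tab-separated line per request via `-T fields` (with `-R` as in the thread; current tshark releases use `-Y` for display filters); the field choice, the method allowlist and the `--live` switch are hypothetical.

```ruby
require 'stringio'
# Assumed producer (not from the thread), one tab-separated line per request:
#   tshark -l -R 'http.request' -T fields -e ip.src -e http.request.method \
#          -e http.host -e http.request.uri -e http.user_agent
FIELDS = %i[src method host uri user_agent].freeze
ALLOWED_METHODS = %w[GET HEAD POST].freeze # hypothetical policy

# Constructed sample lines standing in for live tshark output.
SAMPLE = <<~LINES
  10.0.0.5\tGET\twww.example.com\t/index.html\tMozilla/5.0
  10.0.0.7\tTRACE\twww.example.com\t/\tcurl/7.18
  10.0.0.9\tGET\t\t/admin\t
  truncated-line
LINES

# Split one line into named fields; nil if the field count is wrong.
def parse_line(line)
  parts = line.chomp.split("\t", -1) # -1 keeps trailing empty fields
  return nil unless parts.size == FIELDS.size
  FIELDS.zip(parts).to_h
end

# The "logical decisions": reasons a request deserves a closer look.
def findings(req)
  out = []
  out << 'method not in allowlist' unless ALLOWED_METHODS.include?(req[:method])
  out << 'missing Host header' if req[:host].empty?
  out << 'missing User-Agent' if req[:user_agent].empty?
  out
end

# Read lines as they arrive, yield each flagged request, return totals.
def analyze(io)
  report = { seen: 0, skipped: 0, flagged: [] }
  io.each_line do |line|
    req = parse_line(line)
    if req.nil?
      report[:skipped] += 1
      next
    end
    report[:seen] += 1
    why = findings(req)
    next if why.empty?
    report[:flagged] << [req[:src], why]
    yield req[:src], why if block_given?
  end
  report
end

input = ARGV.include?('--live') ? $stdin : StringIO.new(SAMPLE)
report = analyze(input) { |src, why| puts "#{src}: #{why.join(', ')}" }
warn "#{report[:seen]} requests, #{report[:skipped]} unparsable lines"
```

Run with `--live` on the right-hand side of the tshark pipe to read from standard input; without it the script processes the embedded sample.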