I'm attempting to monitor web traffic for my network, and I currently
have the following to do so:
sudo tshark -i eth0 -l -V -R 'frame.number == 4' port 80
The above provides me with the fourth frame of each TCP communication
on port 80, I then need to parse out the host, GET statement, and some
other information. Is there an easy way of providing this information
in standard out, or is this something that I will have to feed the
frame data to a script/program to parse the information?
Ideally, I would like to be able to say, sniff on port 80 and give me
the http.host, http.location, etc.. in the standard out, rather than
displaying the entire frame with all of the information in which the
http.host and http.location, etc... match.