Hi, I'd like to write some scripts that leverage the wireshark
dissectors to analyze http traffic. I'm currently thinking of writing
up some Python scripts to read tshark -T pdml, but the output seems to
be dissecting each packet individually - it doesn't provide the
reassembly feature found in the wireshark GUI, and I believe this is
causing some of the resulting http entities to be nonsensical (e.g., I
see http packets that contain only a "data" field).
Does anybody have any advice on what I can do? I'm not married to
tshark by any means, so if there's another approach (e.g. Lua, MATE, or
even a non-wireshark HTTP logging proxy) that is better suited for what
I'm trying to do, then I'd be happy to hear about it too.
Thanks in advance for any help!
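As an added example (not part of the original post), the script below shows one way to do what the poster describes in Python: it builds a tshark command that turns on TCP and HTTP reassembly and runs two-pass analysis (`-2`, plus the `tcp.desegment_tcp_streams`, `http.desegment_headers` and `http.desegment_body` preferences, all of which are real Wireshark preference names), then parses PDML with the standard library and flags any HTTP record that carries nothing but a bare `data` field, which is the symptom of a PDU that was not reassembled. The PDML snippet embedded in the script is constructed for the example and mimics the real structure (`packet` / `proto` / nested `field` elements); the function names and the `tshark` binary being on PATH are assumptions.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed PDML sample in the shape tshark -T pdml emits. Frame 2 is a
# TCP segment that was folded into frame 3; frame 4 is an HTTP record that
# the dissector could only label as opaque "data" (no http.* fields).
SAMPLE_PDML = """<pdml version="0" creator="constructed-sample">
  <packet>
    <proto name="frame"><field name="frame.number" show="1"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="0"/></proto>
    <proto name="http" showname="Hypertext Transfer Protocol">
      <field name="" show="GET /index.html HTTP/1.1">
        <field name="http.request.method" show="GET"/>
        <field name="http.request.uri" show="/index.html"/>
      </field>
      <field name="http.host" show="example.test"/>
    </proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="2"/></proto>
    <proto name="tcp">
      <field name="tcp.stream" show="0"/>
      <field name="tcp.reassembled_in" show="3"/>
    </proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="3"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="0"/></proto>
    <proto name="http" showname="Hypertext Transfer Protocol">
      <field name="" show="HTTP/1.1 200 OK">
        <field name="http.response.code" show="200"/>
      </field>
      <field name="http.content_type" show="text/html"/>
      <field name="http.file_data" show="&lt;html&gt;hello&lt;/html&gt;"/>
    </proto>
  </packet>
  <packet>
    <proto name="frame"><field name="frame.number" show="4"/></proto>
    <proto name="tcp"><field name="tcp.stream" show="1"/></proto>
    <proto name="http" showname="Hypertext Transfer Protocol">
      <field name="data" show="Data (120 bytes)">
        <field name="data.data" show="48:54:54:50"/>
      </field>
    </proto>
  </packet>
</pdml>"""


def tshark_pdml_command(pcap_path, display_filter="http"):
    """Build a tshark invocation that reassembles TCP/HTTP before emitting PDML.
    -2 forces two-pass analysis so segments seen before their PDU completes are
    still attributed to the reassembled frame. (Assumes tshark is on PATH.)"""
    return [
        "tshark", "-2", "-r", pcap_path,
        "-o", "tcp.desegment_tcp_streams:TRUE",
        "-o", "http.desegment_headers:TRUE",
        "-o", "http.desegment_body:TRUE",
        "-Y", display_filter,
        "-T", "pdml",
    ]


def run_tshark_pdml(pcap_path, display_filter="http"):
    """Run tshark and return the PDML text (not exercised by the offline test)."""
    return subprocess.run(tshark_pdml_command(pcap_path, display_filter),
                          check=True, capture_output=True, text=True).stdout


def parse_http_records(pdml_text):
    """Return one dict per packet that carries an http proto block.
    The first 'show' value wins for each field name; nested fields are included."""
    root = ET.fromstring(pdml_text)
    records = []
    for pkt in root.iter("packet"):
        protos = {p.get("name"): p for p in pkt.findall("proto")}
        if "http" not in protos:
            continue  # e.g. a segment already folded into a reassembled PDU
        fields = {}
        for f in pkt.iter("field"):
            name = f.get("name")
            if name and name not in fields:
                fields[name] = f.get("show")
        http_fields = [f.get("name") for f in protos["http"].iter("field")
                       if (f.get("name") or "").startswith("http.")]
        records.append({
            "frame": fields.get("frame.number"),
            "stream": fields.get("tcp.stream"),
            "method": fields.get("http.request.method"),
            "uri": fields.get("http.request.uri"),
            "host": fields.get("http.host"),
            "status": fields.get("http.response.code"),
            "content_type": fields.get("http.content_type"),
            # An http block with no http.* fields is a PDU the dissector
            # could not parse, typically because reassembly did not happen.
            "fragment_only": not http_fields,
        })
    return records


def find_unreassembled(records):
    """Frame numbers of HTTP records that contain only an opaque data field."""
    return [r["frame"] for r in records if r["fragment_only"]]


if __name__ == "__main__":
    recs = parse_http_records(SAMPLE_PDML)
    for r in recs:
        print(r)
    print("unreassembled frames:", find_unreassembled(recs))
```

Frames that were merged into a later PDU show up in PDML only with a `tcp.reassembled_in` field and no `http` block, so the parser skips them rather than treating them as broken HTTP; if `find_unreassembled` still reports frames after running with the preferences above, the capture itself is usually incomplete (missing segments) rather than the dissector being at fault.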