Wireshark · Wireshark-users: Re: [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic

Wireshark-users: Re: [Wireshark-users] The best method to extract the subset of HTTP fields from

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Wed, 6 Jan 2016 12:51:24 -0500

On Wed, Jan 6, 2016 at 11:01 AM, Vitaly Repin <vitaly.repin@xxxxxxxxx> wrote:

Hello,

I am trying to extract specififc subset of HTTP fields from the live
stream and I need wireshark experts' advices on the best way to do
this.

It looks like the following options exist:

1) Output packets in pdml format. Extract the fields I need from the
output data.

2) Use lua scripting to extract the data using the lua functions

How many fields are you talking about?

Have you checked out the "-T fields" option to tshark? For example tshark -T fields -e http.<field1> -e http.<field2>

References:
- [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic
  - From: Vitaly Repin

Prev by Date: [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic
Next by Date: Re: [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic
Previous by thread: [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic
Next by thread: Re: [Wireshark-users] The best method to extract the subset of HTTP fields from the live traffic
Index(es):
- Date
- Thread