Wireshark-users: Re: [Wireshark-users] The best method to extract the subset of HTTP fields from

From: Vitaly Repin <vitaly.repin@xxxxxxxxx>
Date: Thu, 7 Jan 2016 00:31:46 +0200
Hello,

Thanks for the suggestion.  I have tried it once but switched to lua
later. How can I see the full list of HTTP fields supported by
Tfields? Can I extract http body there? How can I parse it?

I was under the impression it's not easy to parse "-Tfields" output if the
fields are multiline. This was an additional argument in favor of lua - I
can output the data in any format I like (I use JSON as of now).

2016-01-06 19:51 GMT+02:00 Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>:
>
>
> On Wed, Jan 6, 2016 at 11:01 AM, Vitaly Repin <vitaly.repin@xxxxxxxxx>
> wrote:
>>
>> Hello,
>>
>> I am trying to extract a specific subset of HTTP fields from the live
>> stream and I need wireshark experts' advice on the best way to do
>> this.
>>
>> It looks like the following options exist:
>>
>> 1) Output packets in pdml format. Extract the fields I need from the
>> output data.
>>
>> 2) Use lua scripting to extract the data using the lua functions
>
>
> How many fields are you talking about?
>
> Have you checked out the "-T fields" option to tshark?  For example tshark
> -T fields -e http.<field1> -e http.<field2>

-- 
WBR & WBW, Vitaly