Wireshark mailing list archives
Re: question about exporting/filtering files
From: Richard Bejtlich <taosecurity () gmail com>
Date: Wed, 2 Dec 2009 12:28:01 -0500
On Tue, Dec 1, 2009 at 1:17 PM, zeev mintz <zeevmintz () yahoo com> wrote:
Hi,

I have captured lots of traffic, and I would like to filter out certain packets from my captures. For example, I want to filter only HTTP GET messages.

Since I have over a thousand log files (each over 100mb), I need a fast (or some kind of automatic) way to export only the HTTP GET messages from all the log files, into several small files (no bigger than 100mb each).

As far as I can see, I can't filter messages during capture by the HTTP method (GET), and there is no export feature through the Wireshark terminal commands.

What can I do?

Thanks a lot,
shalev
Hello,

Do you need to save the actual packet, or only the GET request messages?

If you only need to save the GET requests, you can use a Tshark display filter.

    tshark -i wlan0 -R 'http.request.method == "GET"'

    2009-12-02 12:27:29.001591 192.168.2.107 34431 172.16.2.1 3128 HTTP GET http://www.bejtlich.net/index.html HTTP/1.0

Unfortunately, if you want to save the traffic, that method will record all packets because a display filter is not the same as a capture filter.

You might want to use Httpry, Bro, or something similar instead.

Sincerely,

Richard
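The task from the question (keep only HTTP GET packets from many saved captures and write them to size-capped output files), sketched as an added example that is not part of the original post and not Wireshark code. It assumes classic little-endian pcap files with Ethernet/IPv4/TCP framing and matches only segments whose payload begins with "GET "; all function names are hypothetical and the sample capture is constructed.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # classic little-endian pcap file header
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
FILE_HDR = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet

def is_http_get(frame):
    """True if an Ethernet/IPv4/TCP frame carries a payload starting with 'GET '."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    tcp = 14 + (frame[14] & 0x0F) * 4            # skip the IPv4 header (IHL words)
    if len(frame) < tcp + 20:
        return False
    data = tcp + (frame[tcp + 12] >> 4) * 4      # skip the TCP header (data offset)
    return frame[data:data + 4] == b"GET "

def records(pcap):
    """Yield (record_header, frame) pairs from the bytes of one capture file."""
    magic, *_, linktype = PCAP_HDR.unpack_from(pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap file")
    pos = PCAP_HDR.size
    while pos + REC_HDR.size <= len(pcap):
        end = pos + REC_HDR.size + REC_HDR.unpack_from(pcap, pos)[2]
        if end > len(pcap):                      # truncated final record
            break
        yield pcap[pos:pos + REC_HDR.size], pcap[pos + REC_HDR.size:end]
        pos = end

def export_gets(captures, max_bytes):
    """Return pcap byte strings holding only GET packets, split at max_bytes
    (a single packet larger than the limit still gets a file of its own)."""
    outputs, current = [], bytearray(FILE_HDR)
    for pcap in captures:
        for rec_hdr, frame in records(pcap):
            if not is_http_get(frame):
                continue
            if len(current) > len(FILE_HDR) and len(current) + len(rec_hdr) + len(frame) > max_bytes:
                outputs.append(bytes(current))   # start the next output file
                current = bytearray(FILE_HDR)
            current += rec_hdr + frame
    if len(current) > len(FILE_HDR):
        outputs.append(bytes(current))
    return outputs

def sample_capture(payloads):
    """Constructed capture: one zero-addressed Ethernet/IPv4/TCP frame per payload."""
    hdrs = bytes(12) + b"\x08\x00\x45" + bytes(8) + b"\x06" + bytes(22) + b"\x50" + bytes(7)
    return FILE_HDR + b"".join(
        REC_HDR.pack(0, 0, 54 + len(p), 54 + len(p)) + hdrs + p for p in payloads)
```

For real use, read each capture with open(path, "rb").read(), pass the results to export_gets with max_bytes=100 * 1024 * 1024, and write each returned byte string to its own .pcap file.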