Wireshark mailing list archives
inspecting full (reassembled) http post content
From: Tomasz Marciniak <tomasz.marciniak () eo pl>
Date: Fri, 20 Nov 2009 12:43:06 +0100
Hello list, I can't find the solution for following problem: I have a tcpdump capture file from which I'd like to extract all HTTP POST requests (with their payload). When I do something like this: tshark -V -T text -R 'http.request and http.request.method == "POST"' -r /tmp/tpdump.out the POST content is truncated, e.g. for example captured PNG upload shows only information about encapsulated chunks of data, not the data itself. However when I add the "-x" option to tshark, I can see this data reassembled (but also in hex dump which I don't need). Is there a way to extract this data? What I need is a tshark equivalent to "export selected bytes as..." option found in wireshark. -- Tomasz Marciniak ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- inspecting full (reassembled) http post content Tomasz Marciniak (Nov 20)