Re: tshark - data.text field

[Christopher Maynard <Chris.Maynard () gtech com>]

Jagadeesh Dyaberi <jdyaberi@...> writes:

>   Hi,
>
> I need to search through the data packets for 'HTTP' occurrence string(I 
> have URLs embedded in the payload) and am using the following command:
>   $ tshark -r trace1.pcap -R 'data.text contains "HTTP"'
>
> but get the following error:
> tshark: Neither "data.text" nor "HTTP" are field or protocol names.
>
> I tried byte string matching setting: 'data.data contains 0x68747470' 
> but was unsuccessful.
>
> Any help is appreciated. Thanks

You might try this:
    tshark -r trace1.pcap -R 'frame contains "HTTP"'
or this:
    tshark -r trace1.pcap -R 'frame contains 68:74:74:70'



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe