Wireshark mailing list archives
Re: The best method to extract the subset of HTTP fields from the live traffic
From: Vitaly Repin <vitaly.repin () gmail com>
Date: Thu, 7 Jan 2016 00:31:46 +0200
Hello,

Thanks for the suggestion. I have tried it once but switched to lua later.

How can I see the full list of HTTP fields supported by Tfields? Can I extract http body there? How can I parse it?

I was under the impression it's not easy to parse "-Tfields" output if the fields are multiline. This was an additional argument in favor of lua - I can output the data in any format I like (I use JSON as of now).

2016-01-06 19:51 GMT+02:00 Jeff Morriss <jeff.morriss.ws () gmail com>:
> On Wed, Jan 6, 2016 at 11:01 AM, Vitaly Repin <vitaly.repin () gmail com> wrote:
>> Hello,
>>
>> I am trying to extract a specific subset of HTTP fields from the live stream and I need wireshark experts' advice on the best way to do this. It looks like the following options exist:
>>
>> 1) Output packets in pdml format. Extract the fields I need from the output data.
>> 2) Use lua scripting to extract the data using the lua functions
>
> How many fields are you talking about? Have you checked out the "-T fields" option to tshark? For example
>
>   tshark -T fields -e http.<field1> -e http.<field2>
--
WBR & WBW,
Vitaly
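An added example, not part of the original thread: one way to turn `tshark -T fields` output into JSON, one object per packet. The field selection and the sample lines are constructed for illustration, and it assumes the chosen fields are single-line header values; a line whose column count is off is rejected instead of being mis-parsed.

```python
import json

# Columns in the order they are passed to tshark with -e (assumed selection).
FIELDS = ["frame.number", "http.request.method", "http.host",
          "http.request.uri", "http.user_agent"]

# Constructed sample of the output of:
#   tshark -l -Y http.request -T fields -E separator=/t -E occurrence=f \
#     -e frame.number -e http.request.method -e http.host \
#     -e http.request.uri -e http.user_agent
SAMPLE_OUTPUT = (
    "4\tGET\texample.test\t/index.html\tcurl/7.46.0\n"
    "9\tPOST\tapi.example.test\t/login\t\n"  # request without User-Agent
    "12\tGET\texample.test\t/a?b=1,2\tMozilla/5.0 (X11; Linux x86_64)\n"
)


def parse_line(line, fields=FIELDS):
    """Map one tab-separated line to a dict; an empty column becomes None."""
    cols = line.rstrip("\r\n").split("\t")
    if len(cols) != len(fields):
        # A tab or line break inside a value shifts the columns; refuse the
        # line rather than emit a record with values under the wrong names.
        raise ValueError("expected %d columns, got %d" % (len(fields), len(cols)))
    return {name: (col or None) for name, col in zip(fields, cols)}


def to_records(text, fields=FIELDS):
    """Parse a block of tshark output, skipping blank lines."""
    return [parse_line(l, fields) for l in text.splitlines() if l.strip()]


def to_json_lines(text, fields=FIELDS):
    """Render each packet as one JSON object per line."""
    return "\n".join(json.dumps(r, sort_keys=True)
                     for r in to_records(text, fields))


if __name__ == "__main__":
    print(to_json_lines(SAMPLE_OUTPUT))
```

For live traffic the same `parse_line` can be applied to each line read from tshark's standard output as it arrives.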