Wireshark mailing list archives
Re: Tshark output in apache log format
From: "j.snelders" <j.snelders () telfort nl>
Date: Fri, 20 Aug 2010 17:03:02 +0200
Hi Jeffs,

You can use a display filter -R 'http.host contains "www"' and write the packets to -w outfile:

$ tshark -r infile.pcap -R 'http.host contains "www"' -w outfile.pcap

Best regards
Joke

On Fri, 20 Aug 2010 09:55:26 -0400 Jeffs wrote:
I doubt that Tshark can output a file in apache log format, but another program, justniffer, can read a .cap file and output in apache log format.

I am currently using the following tshark command line to extract only sessions with 'www.' in the link:

tshark -r test.pcap -T fields -e http.host | sed 's/?.*$//' | sed -n '/www./p' | sort | uniq -c | sort -rn | head -n 500

but this output is not in apache log format for use by justniffer.

Can someone suggest a method to:

either use tshark to output in apache log format only data with "www." in the data,

or use a tshark command line sequence to output a "standard" .cap file that would contain all the usual .cap data but only for those records that contain "www." in them.

Thanks.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
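An added example, not part of the thread or of tshark: one way to get the Apache common log lines asked about above from a tshark field export, pairing each request with its response per TCP stream and keeping only hosts containing "www.". The column order, the function names and the sample rows are assumptions made for this sketch; the http.host value is used only for the filter, since the common log format has no column for it.

```python
import time

# Assumed input: tab-separated rows from (current tshark; -Y is its display-filter flag)
#   tshark -r infile.pcap -Y http -T fields -e frame.time_epoch -e ip.src -e tcp.stream
#     -e http.request.method -e http.host -e http.request.uri -e http.request.version
#     -e http.response.code -e http.content_length
FIELDS = ["epoch", "src", "stream", "method", "host", "uri", "version", "code", "length"]

def esc(s):
    """Escape quotes, backslashes and non-printables as Apache does, so that
    bytes chosen by the remote peer cannot forge extra log fields."""
    return "".join("\\" + c if c in '"\\' else c if " " <= c <= "~"
                   else "\\x%02x" % ord(c) for c in s)

def clf(req, code="-", size="-"):
    ts = time.strftime("%d/%b/%Y:%H:%M:%S +0000", time.gmtime(float(req["epoch"])))
    request = " ".join(esc(req[k]) for k in ("method", "uri", "version"))
    return '%s - - [%s] "%s" %s %s' % (req["src"], ts, request, code, size)

def to_clf(lines, needle="www."):
    """Pair every request with the next response on the same tcp.stream and
    return common-log lines for requests whose Host contains `needle`."""
    pending, out = {}, []
    for line in lines:
        cols = line.rstrip("\r\n").split("\t")
        if len(cols) != len(FIELDS):
            continue                      # malformed or truncated row
        row = dict(zip(FIELDS, cols))
        queue = pending.setdefault(row["stream"], [])
        if row["method"]:
            queue.append(row)             # queue filtered hosts too: keeps pairing aligned
        elif row["code"] and queue:
            req = queue.pop(0)
            if needle in req["host"]:
                out.append(clf(req, row["code"], row["length"] or "-"))
    # Requests that never got a response are still logged, with "-" placeholders.
    for queue in pending.values():
        out += [clf(r) for r in queue if needle in r["host"]]
    return out

# Constructed sample rows (documentation addresses, not taken from the thread).
SAMPLE = [
    "1282316582.000000000\t192.0.2.10\t0\tGET\twww.example.com\t/index.html?a=1\tHTTP/1.1\t\t",
    "1282316582.100000000\t198.51.100.5\t0\t\t\t\t\t200\t1234",
    "1282316582.200000000\t192.0.2.10\t1\tGET\tcdn.example.net\t/x.js\tHTTP/1.1\t\t",
    "1282316582.300000000\t198.51.100.6\t1\t\t\t\t\t304\t",
    '1282316583.000000000\t192.0.2.11\t2\tGET\twww.example.org\t/a"b\tHTTP/1.1\t\t',
]
```

Calling to_clf(SAMPLE) returns two lines: the answered www.example.com request, and the unanswered www.example.org request with its quote escaped.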