The best method to extract the subset of HTTP fields from the live traffic

[Vitaly Repin <vitaly.repin () gmail com>]

Hello,

I am trying to extract specififc subset of HTTP fields from the live
stream and I need wireshark experts' advices on the best way to do
this.

It looks like the following options exist:

1) Output packets in pdml format. Extract the fields I need from the
output data.

2) Use lua scripting to extract the data using the lua functions

It seems to me the second method is better in terms of performance
(pdml output contains huge amount of data which I do not need) and it
should be also simpler in development.

I have written tap in lua but I was able to extract only the fields
delivered through pinfo structure. The question is - how to parse tvb
structure?

Can I accees parsed tvb somehow? Should I get http dissector from
DissectorTable.get("tcp.port"):get_dissector(80) and apply it to the
tvb? Could you point me to example?

Or may be the simplest way is to create post-dissector or chained
dissector and do not to use tap at all?

Thanks in advance!

-- 
WBR & WBW, Vitaly
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe