Re: The best method to extract the subset of HTTP fields from the live traffic

[Vitaly Repin <vitaly.repin () gmail com>]

Hello,

Thanks for the suggestion.  I have tried it once but switched to lua
later. How can I see the full list of HTTP fields supported by
Tfields? Can I extract http body there? Hwo can I parse it?

I was under impression it's not easy to parse "-Tfields" output if the
fields are multiline. This was additional argument in favor of lua - I
can output the data in any format I like (I use JSON as of now).

2016-01-06 19:51 GMT+02:00 Jeff Morriss <jeff.morriss.ws () gmail com>:
> On Wed, Jan 6, 2016 at 11:01 AM, Vitaly Repin <vitaly.repin () gmail com>
> wrote:
> > Hello,
> >
> > I am trying to extract specififc subset of HTTP fields from the live
> > stream and I need wireshark experts' advices on the best way to do
> > this.
> >
> > It looks like the following options exist:
> >
> > 1) Output packets in pdml format. Extract the fields I need from the
> > output data.
> >
> > 2) Use lua scripting to extract the data using the lua functions
>
>
> How many fields are you talking about?
>
> Have you checked out the "-T fields" option to tshark?  For example tshark
> -T fields -e http.<field1> -e http.<field2>

-- 
WBR & WBW, Vitaly
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe