Capture Only HTTP traffic in tshark

3

1

I am new to using the tshark tool. I am trying to use tshark to capture only HTTP traffic, but I am unable to do it. Here is the command I run to get all the traffic:

tshark -c 1000 -w packetFile.pcap 

Is there any way I can filter out only HTTP traffic?

Seeker

Posted 2016-01-29T17:09:48.703

Reputation: 133

If a UI is OK with you, try Wireshark. You can directly select filters in the UI. I think, but am not sure, that it gives you the command line to fire the same – Ganesh R. – 2016-01-29T19:05:18.657

Answers

3

Use a display filter:

tshark -Y http

If you need to save the capture, you can run the display filter on the output:

tshark -r packetFile.pcap -Y http -w packetFile-http.pcap

Sphinges

Posted 2016-01-29T17:09:48.703

Reputation: 46

1 Display filter is nice, but for capturing only http, this can be used: tshark -f 'port http' – brablc – 2018-06-26T09:37:05.677
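The answer's display filter (-Y http) and the comment's capture filter (-f 'port http') do not keep the same packets: the first matches decoded HTTP messages, the second matches port numbers in packet headers. The following is an added example, not code from the original posts, that shows the difference on constructed frames; `payload_match` is a simplified stand-in for the HTTP dissector, not Wireshark's actual logic, and all function names are hypothetical.

```python
import struct

def frame(proto, sport, dport, payload=b""):
    """Build a constructed Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:  # 20-byte TCP header, data offset 5, ACK flag
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)
    else:           # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

def parse(f):
    """Return (proto, sport, dport, payload), or None if not IPv4 TCP/UDP."""
    if len(f) < 34 or f[12:14] != b"\x08\x00":
        return None
    l4, proto = 14 + (f[14] & 0x0F) * 4, f[23]
    if proto == 6 and len(f) >= l4 + 20:
        data = l4 + (f[l4 + 12] >> 4) * 4   # skip TCP header incl. options
    elif proto == 17 and len(f) >= l4 + 8:
        data = l4 + 8
    else:
        return None
    sport, dport = struct.unpack("!HH", f[l4:l4 + 4])
    return proto, sport, dport, f[data:]

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"HTTP/1.")
def port_match(f, port=80):
    """Header-only test, the kind of match the capture filter 'port http' makes."""
    p = parse(f)
    return p is not None and port in (p[1], p[2])

def payload_match(f):
    """Simplified stand-in for display filter 'http': TCP data that starts like HTTP."""
    p = parse(f)
    return p is not None and p[0] == 6 and p[3].startswith(HTTP_STARTS)

FRAMES = [  # constructed sample traffic
    frame(6, 40000, 80),                                        # 0: empty TCP segment
    frame(6, 40000, 80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),  # 1: HTTP request
    frame(6, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),            # 2: HTTP response
    frame(17, 50000, 53, b"\x12\x34"),                          # 3: UDP to port 53
]

def kept(match):
    return [i for i, f in enumerate(FRAMES) if match(f)]

if __name__ == "__main__":
    print("port 80:", kept(port_match), "HTTP payload:", kept(payload_match))
```

The port-based match keeps the empty segment on port 80 as well as the request and response, so a capture made with -f 'port http' still contains TCP handshake and ACK packets that -Y http would not show.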