Wireshark-users: [Wireshark-users] tshark http reassembly
From: Yang Zhang <yanghatespam@xxxxxxxxx>
Date: Tue, 22 Apr 2008 21:18:05 -0400
Hi, I'd like to write some scripts that leverage the Wireshark dissectors to analyze HTTP traffic. I'm currently thinking of writing up some Python scripts to read tshark -T pdml, but the output seems to be dissecting each packet individually - it doesn't provide the reassembly feature found in the Wireshark GUI, and I believe this is causing some of the resulting HTTP entities to be nonsensical (e.g., I see HTTP packets that contain only a "data" field).

Does anybody have any advice on what I can do? I'm not married to tshark by any means, so if there's another approach (e.g. Lua, MATE, or even a non-Wireshark HTTP logging proxy) that is better suited for what I'm trying to do, then I'd be happy to hear about it too.

Thanks in advance for any help!
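
Added example, not part of the original post: a Python sketch of the kind of script described above, which streams PDML and separates packets where the HTTP dissector produced http.* fields from those whose HTTP layer holds only a "data" field. The PDML sample is constructed and trimmed, and the function name and the placement of the "data" field under the http proto are assumptions.

```python
import io
import xml.etree.ElementTree as ET

# Constructed PDML sample (not real capture output), trimmed to the fields used.
SAMPLE_PDML = b"""<pdml>
<packet>
  <proto name="frame"><field name="frame.number" show="1"/></proto>
  <proto name="http">
    <field name="http.request.method" show="GET"/>
    <field name="http.request.uri" show="/index.html"/>
  </proto>
</packet>
<packet>
  <proto name="frame"><field name="frame.number" show="2"/></proto>
  <proto name="http">
    <field name="http.response.code" show="200"/>
    <field name="http.content_length" show="4000"/>
  </proto>
</packet>
<packet>
  <proto name="frame"><field name="frame.number" show="3"/></proto>
  <proto name="http"><field name="data" show="3c:68:74:6d:6c"/></proto>
</packet>
<packet>
  <proto name="frame"><field name="frame.number" show="4"/></proto>
  <proto name="tcp"><field name="tcp.len" show="0"/></proto>
</packet>
</pdml>"""


def classify_http_packets(pdml_file):
    """Return (dissected, data_only) frame-number lists for packets with an http layer."""
    dissected, data_only = [], []
    for _, elem in ET.iterparse(pdml_file, events=("end",)):
        if elem.tag != "packet":
            continue
        http = elem.find("proto[@name='http']")
        if http is not None:
            frame = elem.find("proto[@name='frame']/field[@name='frame.number']")
            number = int(frame.get("show"))
            # iter() also walks nested fields, as PDML nests fields inside fields.
            names = [f.get("name") or "" for f in http.iter("field")]
            if any(n.startswith("http.") for n in names):
                dissected.append(number)
            else:
                data_only.append(number)  # the "only a data field" symptom
        elem.clear()  # free each packet once handled; PDML files get large
    return dissected, data_only


if __name__ == "__main__":
    print(classify_http_packets(io.BytesIO(SAMPLE_PDML)))
```
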