you can use "-e text" to grab the returned output.
tshark -G | grep http
will show you the valid http.* related filters
On 22 May 2013 06:39, Chris Datfung <chris.datfung@xxxxxxxxx> wrote:
> Hi,
>
> I want to use tshark to capture http requests and responses. I have having
> difficulty getting POST bodies and the HTML response body to appear. I'm
> using the following command:
>
> tshark -R "http.response or http.request" -T fields -E separator="|" -e
> frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e
> http.request.version -e http.request.method -e http.request -e http.host -e
> http.request.uri -e http.user_agent -e http.response.code -e
> http.content_type -e http.content_length -e http.location -e http.referer -e
> http.response.body
>
> Is there a URL that shows all possible -e flags? Can someone suggest how I
> can print a pipe deliminated output of the entire http request and response
> pair?
>
> Thanks,
> Chris
>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Shaineel Singh
e: shain.singh@xxxxxxxxx
p: +61 422 921 951
w: http://buffet.shainsingh.com
--
"Too many have dispensed with generosity to practice charity" - Albert Camus
