Hi, Can someone tell me what are the arguments that we need to pass to the tshark command to capture all the request and response (http xml) messages and write them to a file in txt format? I am aware of

asked 28 May '12, 02:19 vikram
edited 28 May '12, 07:39 cmaynard ♦♦
One Answer:
From the tshark manual page:
answered 28 May '12, 06:31 Jaap ♦

Hi Jaap, Thanks a lot for your reply. I am interested in reading only the actual message that is being sent (in my case it is an xml). Is there any way to filter out maximum data that is being captured and get only the payload? When I use the -T pdml even the frames related network information is also coming in the form of xml and the file is becoming too huge. (29 May '12, 00:24) vikram

tshark -i eth1 -R http -V > test2.txt

When I use the above command, the data is coming in txt format. However, sometimes the payload message is only coming as hexadecimal format. Is there any filter option to get the payload data as simple text? (30 May '12, 02:07) vikram
Hi, I am able to use the below command and able to see the payload...
tshark -r test2.log -R "http" -V
(I used
tshark -i eth1 -d tcp.port=8101,http -w test2.log
for capturing the traffic)

The problem now is along with the payload I see a lot of additional frame network related data. Can someone tell me any filter expression that I can use so that I will get only payload (http req/resp messages) or at least with minimal network related data?
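One way to trim the `-V` text after the fact so that only the HTTP and XML layers of each frame remain, as an added example that is not part of the original thread. The function name `http_layers_only` and the sample text are constructed here; the code assumes the default `tshark -V` layout, where each layer heading starts at column 0 and its fields are indented beneath it.

```python
import re

# Layer headings as printed at column 0 by `tshark -V`; extend as needed.
KEEP_LAYERS = ("Hypertext Transfer Protocol", "eXtensible Markup Language",
               "Line-based text data")
FRAME_RE = re.compile(r"^Frame (\d+):")

def http_layers_only(verbose_text, keep=KEEP_LAYERS):
    """Map frame number -> lines of the kept layers; other frames are omitted."""
    frames, frame_no, keeping = {}, None, False
    for line in verbose_text.splitlines():
        if not line.strip():
            continue  # blank separator between frames
        if not line[0].isspace():  # unindented line starts a new layer
            m = FRAME_RE.match(line)
            if m:
                frame_no = int(m.group(1))
            keeping = line.startswith(keep)
        if keeping and frame_no is not None:
            frames.setdefault(frame_no, []).append(line)
    return frames

# Constructed sample in the shape of `tshark -r test2.log -R "http" -V` output.
SAMPLE = r"""Frame 4: 310 bytes on wire (2480 bits), 310 bytes captured (2480 bits)
    Arrival Time: May 30, 2012 02:07:00.000000000 UTC
Ethernet II, Src: 00:00:5e:00:53:01, Dst: 00:00:5e:00:53:02
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 192.0.2.20
Transmission Control Protocol, Src Port: 40112, Dst Port: 8101, Len: 244
    Source Port: 40112
Hypertext Transfer Protocol
    POST /service HTTP/1.1\r\n
    Content-Type: text/xml\r\n
eXtensible Markup Language
    <order>
        <id>
            42

Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: 00:00:5e:00:53:02, Dst: 00:00:5e:00:53:01
Transmission Control Protocol, Src Port: 8101, Dst Port: 40112, Len: 0
"""

if __name__ == "__main__":
    for number, lines in http_layers_only(SAMPLE).items():
        print(f"--- frame {number} ---")
        print("\n".join(lines))
```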