This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can rawshark output the text field of HTTP traffic?

0

I'm trying to get rawshark to output the text of an HTTP stream. I'm running the following:

cat wlan.pcap | rawshark -r - -d proto:radiotap -d proto:http -s -F tcp.dstport -F ip.src -F http.host -F tcp.data -F text

It outputs the tcp.dstport, ip.src, and http.host but fails to output tcp.data and text reliably.

asked 17 Jan '13, 10:33

joeferner's gravatar image

joeferner
11112
accept rate: 0%

One Answer:

0

One issue is that "tcp.data" is not there on every frame: see bug 8084 for details.

Unfortunately I don't think there's a field which contains the entire HTTP payload.

I don't know about the "text" field/issue.

answered 17 Jan '13, 12:36

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Thanks, I guess I'll use tshark in the mean time. To bad tshark can't accept a piped in file.

(18 Jan '13, 06:18) joeferner