I have a capture of HTTP traffic that I need to extract values of Info field from. If I right click on each packet, select Copy -> Summary (Text) and then paste it in notepad I would eventually get all the values, but it would take me hours to do. Is there a quicker way to do it? None of the exports I tried worked for me. Thanks.
asked 12 Oct '13, 08:11 net_tech
edited 12 Oct '13, 10:30 cmaynard ♦♦
One Answer:
If you really want all the information from the Info column, then you are probably better off using
Otherwise, if you're just looking for specific http fields from specific http packets, then you might want to just extract those specific fields of interest. A hypothetical example:
UPDATE: I believe I made a mistake above in thinking that you only wanted the Info column, but I think you are interested in all columns, so all you really should need to do is to run
This will get you all of the columns that Wireshark is currently configured to display.
answered 12 Oct '13, 10:21 cmaynard ♦♦
edited 12 Oct '13, 10:30
cmaynard,
tshark -r file.pcap -P -Y "http" > http_summary.txt is exactly what I was looking for! Thanks for your help.
I should have also mentioned that you can accomplish the same thing just as easily with Wireshark using File -> Export Packet Dissections -> as "Plain Text" file..., and then just be sure to select "Packet summary line" and deselect all other options in the "Packet Format" grouping.
My initial misinterpretation of the question led me to direct you to use tshark, which is why I forgot to mention the Wireshark method, but as you can see, you can accomplish this with either Wireshark or tshark.
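Once the summary lines are in a text file (from tshark or from the Wireshark export described above), the Info values can be pulled out with a short script. This is an added example, not part of the original thread; it assumes the default column layout (No., Time, Source, Destination, Protocol, Length, Info), and the names parse_summary and info_values are hypothetical.

```python
import re

# Default summary columns: No. Time Source [->] Destination Protocol Length Info
# tshark prints an arrow between the addresses; Wireshark's text export does not.
SUMMARY = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>-?\d+\.\d+)\s+(?P<src>\S+)\s+"
    r"(?:(?:->|\u2192)\s+)?(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<length>\d+)\s+(?P<info>.*\S)\s*$"
)

def parse_summary(text):
    """Return (rows, skipped): parsed packets and lines that did not match."""
    rows, skipped = [], []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("No."):
            continue  # blank separator or Wireshark's column-heading line
        m = SUMMARY.match(line)
        if m:
            rows.append(m.groupdict())
        else:
            skipped.append(line)  # surface lines the layout assumption missed
    return rows, skipped

def info_values(text):
    """Return only the Info column, in capture order."""
    return [row["info"] for row in parse_summary(text)[0]]

# Constructed sample (not from a real capture): two tshark-style lines,
# one Wireshark-export line with its heading, and one unrelated line.
SAMPLE = """\
    4   0.911310 192.0.2.10 -> 198.51.100.7 HTTP 411 GET /index.html HTTP/1.1
    6   1.002113 198.51.100.7 \u2192 192.0.2.10 HTTP 1514 HTTP/1.1 200 OK  (text/html)
No.     Time           Source                Destination           Protocol Length Info
      9 1.250004       192.0.2.10            198.51.100.7          HTTP     523    POST /login HTTP/1.1  (application/x-www-form-urlencoded)
this line is not a packet summary
"""

if __name__ == "__main__":
    rows, skipped = parse_summary(SAMPLE)
    for row in rows:
        print(row["no"], row["info"], sep="\t")
    print(f"{len(skipped)} line(s) not parsed")
```

If the column configuration has been customized, the skipped list fills up instead of the Info values being silently misread; adjust the pattern to the configured columns in that case.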