This is our old Q&A Site. Please post any new questions and answers at

Hy everyone, I have a lot of '.pcap' files, I want to scan a packets and get a target URL, that mean for example if I run in background Wireshark and i go to get 3000 packets approximately - only for load the home-page), after i click for get one of the article of CNN i get 1500 packets (approximately).

I want to be capable to find exactly the URL that the user types( and the internal URL user go into (click to article into CNN site).

I try to filter all packets to get all http.request(GET ....), but the problem is when user entering site like CNN we received a lots of internal sessions that create a HTTP Request(for picture, publicity, image, referring to other sites ect...).

I search a unique raw or word into request or other things int the packet to be sure that user really get to this page(and its not a internal session to publicity, image, referring to other site etc...).

if its important i passing over packets with python, scapy library. Thanks a lot for any Response Jo.

asked 05 Jan '14, 22:31

Jo%20Smith's gravatar image

Jo Smith
accept rate: 0%

This looks like a network forensics task. Problem here is that Wireshark has no logic that classifies things like URLs for any given relevance. It's all manual work. If you need something with more logic you need to look for other solutions or code your own.

permanent link

answered 07 Jan '14, 00:30

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 05 Jan '14, 22:31

question was seen: 4,077 times

last updated: 07 Jan '14, 00:30

p​o​w​e​r​e​d by O​S​Q​A