This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I export HTTP Objects via command line?

0

I routinely have large pcap files that I need to export the HTTP objects from. How can I do this via command line? Using the GUI is a very slow process with large files.

asked 28 Aug '14, 10:41

stom's gravatar image

stom
11113
accept rate: 0%

edited 28 Aug '14, 10:41

I'm actually looking to export the object themselves to a folder, not just have them placed into another PCAP that I'll then still have to open and manually export them from. Any way to do this? The proposed solution might make the files smaller and easier to deal with but still isn't the automation I was looking for.

(29 Aug '14, 07:54) stom

2 Answers:

0

Please see my answers to similar questions:

https://ask.wireshark.org/questions/26959/if-tshark-can-support-export-objects-like-wireshark-for-gui
https://ask.wireshark.org/questions/15560/headless-automate-export-object-when-capturing-packeting/15564

Regards
Kurt

answered 31 Aug '14, 04:28

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

0

As of Wireshark 2.3.0, you can export HTTP objects with tshark. (Wireshark 2.3.0 hasn't been released yet, so you can grab a daily build from here.)

To extract HTTP objects from the command-line, run the following command:

tshark -r mypcap.pcap --export-objects "http,destdir"

answered 15 Dec '16, 16:52

moshe's gravatar image

moshe
21125
accept rate: 0%