This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello,

I have tried following: Statistics -> HTTP -> Load Distribution, setting the filter "tcp.port == 80", then I get in the dialog that pops up HTTP urls that were/are called in the network (promiscuous mode is of course on).

I see when someone on the network calls address by name, but I can not differentiate who called the address.

Is there any easy way how to filter out traffic on the network in form of table, which could possibly look like this?

| Time | Domain/url address visited | IP of who visited the address |

Thanks in advance for any help provided!

asked 27 Sep '15, 12:34

ddaniel's gravatar image

ddaniel
6112
accept rate: 0%


You can use tshark for that:

tshark -nr http.pcap -T fields -e frame.time -e http.request.full_uri -e ip.src -E separator=;

Regards
Kurt

permanent link

answered 27 Sep '15, 23:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks for the reply but - is this tshark version specific? It tells me that "Separator" can not be used with option=value pair. Can you provide me with further assistance please?

(28 Sep '15, 01:24) ddaniel
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×33
×29

question asked: 27 Sep '15, 12:34

question was seen: 2,842 times

last updated: 28 Sep '15, 01:24

p​o​w​e​r​e​d by O​S​Q​A