This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Howto capture live MMS traffic without BIG logfiles?

0

How to combine 2 filters to get HTTP GET and POST in the same command? I have tried but result have been only the first filter part.

HTTP GET Capture filter sudo tshark -i p2p3 'port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420)'

HTTP POST Capture filter sudo tshark -i p2p3 'tcp port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'

Or is there a way to filter out picture and video content since this is the source of the problem?

asked 28 Oct '15, 07:36

jmh64swe's gravatar image

jmh64swe
6112
accept rate: 0%

What was the combined filter that you tried? If the two filters each worked separately, you should be able to combine them with a logical 'or'.

(28 Oct '15, 08:26) Jim Aragon

Now I tested tshark -i p2p3 'tcp port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)' or 'tcp port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)' but this only gives the last filter in the output.

(02 Nov '15, 03:54) jmh64swe

Any comment?

(05 Nov '15, 01:05) jmh64swe

Is there other ways to discard the actual picture/video content?

(09 Nov '15, 07:19) jmh64swe

One Answer:

0

You can set the -s snaplen parameter to cut the contents of each packet at a particular length. Have a look at the Wiki page for SnapLen for more info.

answered 09 Nov '15, 08:10

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%