Hi, I am trying to find a way to display all HTTP requests AND the relevant responses that match a specific URI, say /images/*, from a capture file. I appreciate that I can match the request packet with http.request.uri, but is it possible to also select the packets related to the responses? Regards asked 27 Oct '10, 01:47 rtector |
2 Answers:
Wireshark by itself is not capable of doing that. You might be able to achieve this by using MATE or LUA. However, there is another way, you can use tshark to create a new file that contains only the HTTP requests/responses that you are interested in. Have a look at the presentation I gave at Sharkfest to see how this can be done. answered 28 Oct '10, 15:27 SYN-bit ♦♦ |
Hmm... that is tough because you'd need to find a value in the response packet that ties it to the request packet - such as the name of the file embedded in the file that is being sent. Since that isn't usually what happens, your best bet may be to find the packet of interest using the filter you defined and then right-click on the packet, Follow TCP Stream - you'll see all the requested URIs and responses for that connection though. If you are trying to reassemble those requested URIs, try File > Export > Objects > HTTP. answered 27 Oct '10, 20:26 lchappell ♦ |
Hi. Thank you for your answer but unfortunately the requests are pipelined (reverse proxy to server farm) and so the TCP stream is not much use. Additionally, I needed to do this on a large scale :)
Regards