Wireshark-users: Re: [Wireshark-users] HTTP dump with tshark...
From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Wed, 16 Jul 2008 14:15:49 +0400
This works for me:
tshark -i3 -V -T text -f "tcp port 8888" -d "tcp.port==8888,http" -R
http.request
the -d "tcp.port==8888,http" is important because it tells tshark to
dissect tcp port 8888 as HTTP. In your case, -i and the port will be
different.

HTH
Abhik.

On Wed, Jul 16, 2008 at 1:33 PM, John Doe <jdmls@xxxxxxxxx> wrote:
> Hi everybody,
>
> I have been trying to dump HTTP traffic with tshark, but did not manage to find good params...
> I want to dump the traffic in text from a server on 192.168.16.23:8880
> I tried variants of:
>
>  tshark -T text -x -f "dst port 8880 and host 192.168.16.23" -R http.request
>
> But I endup just dumping to a file and using the strings command on it...
> Is there a better way?
>
> Thx,
> JD
>
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>