Wireshark-users: [Wireshark-users] filter for ONLY initial get request
From: Jeffs <jeffs@xxxxxxxxxxxxx>
Date: Sat, 07 Aug 2010 22:29:08 -0400
I am working on a project which requires that the traffic across the network grab ONLY the initial get request for http requests. Usually, if I use something like wireshark or justniffer, on a single user's get request for, say, http://www.nytimes.com, I will receive all the following traffic and then some, based on just one request to http://www.nytimes.com:

nytimes.com
timespeople.nytimes.com
c.brightcove.com
admin.brightcove.com
graphics8.nytimes.com
s0.2mdn.net


Is there a way in wireshark or in any other network analysis tool to grab or filter out just the initial http request for the domain and disregard all the other follow up hosts (usually associated advertising) that accompanies these requests?

In other words, all I want to log or see in the filter results, in the above example, would be:

nytimes.com



Thank you.