Wireshark · Wireshark-users: Re: [Wireshark-users] tshark

Wireshark-users: Re: [Wireshark-users] tshark - data.text field

From: Christopher Maynard <Chris.Maynard@xxxxxxxxx>

Date: Thu, 23 Sep 2010 15:12:19 +0000 (UTC)

Jagadeesh Dyaberi <jdyaberi@...> writes:

> 
>   Hi,
> 
> I need to search through the data packets for 'HTTP' occurrence string(I 
> have URLs embedded in the payload) and am using the following command:
>   $ tshark -r trace1.pcap -R 'data.text contains "HTTP"'
> 
> but get the following error:
> tshark: Neither "data.text" nor "HTTP" are field or protocol names.
> 
> I tried byte string matching setting: 'data.data contains 0x68747470' 
> but was unsuccessful.
> 
> Any help is appreciated. Thanks

You might try this:
    tshark -r trace1.pcap -R 'frame contains "HTTP"'
or this:
    tshark -r trace1.pcap -R 'frame contains 68:74:74:70'

References:
- [Wireshark-users] tshark - data.text field
  - From: Jagadeesh Dyaberi

Prev by Date: Re: [Wireshark-users] ipv6 packet with routing header type 0, last segment
Next by Date: [Wireshark-users] Large Packages although TSO is off
Previous by thread: [Wireshark-users] tshark - data.text field
Next by thread: [Wireshark-users] Large Packages although TSO is off
Index(es):
- Date
- Thread