vbNewbie
Reputation: 3345
tshark packet capture filter by request url
I am trying to only capture packets that contain requests to a certain API endpoint so tried to filter using the following:
tshark -i 2 -f 'port 80' -T pdml http.request.uri contains "/google/"
However I keep getting the following error:
tshark: A capture filter was specified both with "-f" and with additional
command-line arguments.
Tried removing the -f, but that did not help either. Any suggestions?
eg url: https://testAPI.com/termsearch/google/application
Upvotes: 5
Views: 9238
Answers (1)
Christopher Maynard
Reputation: 6304
Your tshark command is incorrect. To specify a Wireshark display filter, you need to use the -Y option.
Windows:
tshark -i 2 -T pdml -Y "http.request.uri contains \"/google/\""
*nix:
tshark -i 2 -T pdml -Y 'http.request.uri contains "/google/"'
Upvotes: 6
Related Questions
- tshark capture only dns or http traffic with specific ip adress and write to file
- Tshark filtering http/https get request
- tshark 2.2.2 command line parameters to dump full http+json requests and responses
- capturing incoming RESTAPI traffic on apache server using tshark
- Wireshark filter for filtering both destination-source IP address and the protocol
- How to extract all the http request's tcp sequence numer with tshark?
- how to capture HTTP packets in wireshark
- How to capture only TCP traffic with tshark
- how can I configure wireshark to capture to not-80 port http request?
- Filter for ONLY initial GET request in tshark or tcpdump. Including HTTP and HTTPS