Capture Only HTTP traffic in tshark
11,549
Use a display filter:
tshark -Y http
If you need to save the capture, you can run the display filter on the output:
tshark -r packetFile.pcap -Y http -w packetFile-http.pcap
Related videos on Youtube
10 : 38
Learn Wireshark in 10 minutes - Wireshark Tutorial for Beginners
08 : 41
How to DECRYPT HTTPS Traffic with Wireshark
13 : 05
tshark and Termshark tutorial: Capture and view wireshark captures in a console
16 : 43
HTTP Traffic Analysis using Wireshark-1
01 : 26
Capture Only HTTP traffic in tshark
15 : 48
Packet Analysis - Tshark Fundamentals
Author by
Seeker
Updated on September 18, 2022Comments
-
Seeker over 1 year
I am new to tshark tool usage. I am trying to use tshark tool for capturing only HTTP traffic but i am unable to do it. Here is the cmd i run to get the all traffic:
tshark -c 1000 -w packetFile.pcapAnyway i can filter out only http traffic?
-
brablc almost 6 yearsDisplay filter is nice, but for capturing only http, this can be used:tshark -f 'port http'