Show only HTTP traffic in Wireshark
65,137
Solution 1
In the filter field, type http (lowercase!). Tested with WireShark Portable 1.10.7
Some basic filters
-
!httpshows all traffic which is NOT http -
ip.src != 196.168.1.1shows traffic which is NOT from this IP source -
ip.dst == 196.168.1.1shows traffic to this IP destination -
ip.addr == 196.168.1.1shows all traffic which has the specific IP as source OR destination
Solution 2
To exclude SSDP/UDP: http && tcp
Credit: http://www.emtek.net.nz/blog/2013/03/17/wireshark-filter-http-only-exclude-ssdp-or-udp/
Related videos on Youtube
10 : 38
Learn Wireshark in 10 minutes - Wireshark Tutorial for Beginners
08 : 41
How to DECRYPT HTTPS Traffic with Wireshark
16 : 43
HTTP Traffic Analysis using Wireshark-1
01 : 02
How to filter all Http Traffic in Wireshark - Capture and display the packet
02 : 02
Unix & Linux: Show only HTTP traffic in Wireshark (3 Solutions!!)
Author by
sashoalm
Updated on September 18, 2022Comments
-
sashoalm over 1 year
How can I filter out traffic that is not HTTP in Wireshark, so that it shows me only HTTP traffic, but not, TCP, DNS, SSDP, etc.
-
sashoalm almost 10 yearsOK, it's working, but it shows both http and ssdp fields, which is strange. When I tried typing just "ssdp", it said no such protocol exists.
-
sashoalm almost 10 yearsVersion 1.8.2. Also, when I typed "tcp" for filter, it showed TCP, TLSv1.1 and HTTP fields.
-
DTrump - not that one almost 10 yearsIf you type "tcp" as the filter, it'll show all TCP traffic, whether it's HTTP running over TCP, SSL/TLS running over TCP, or something else running over TCP.
-
Arnoud Buzing about 9 yearsI have been trying to figure that one out for ages. Thanks! -
SuperUberDuper over 4 yearswhat if you only see protocol: 0x0800 -
SuperUberDuper over 4 yearsie I want to filter by http and don't see it
