How to perform Wiresharks File->Extract Objects->HTTP through Tshark commandline interface?

Using TShark, I want to be able to extract the payload in HTTP response from packets data captured through tshark in a .pcap file.

In the Wireshark GUI, I was able to do that by File > Extract Objects > HTTP, and then choosing a file from the HTTP Objects dialog (which shows a list of all HTTP objects), and saving it on my disk. This process is described here.

The question is that how can I do it in Tshark?

Solution

I don't know if TShark can do it, but you can use Chaosreader instead.

Comments (1)

+0 – Thank you. I got the HTTP payload, but I also want source and destination IPs as well as port numbers. Can you guide me a bit about how to get those. I posted a question here. — Aug 28, 2016 at 06:21

External Links

External links referenced by this document:

References

https://serverfault.com/questions/797866