Using TShark, I want to be able to extract the payload in HTTP response from packets data captured through tshark in a .pcap file.
In the Wireshark GUI, I was able to do that by
File > Extract Objects > HTTP, and then choosing a file from the HTTP Objects dialog (which shows a list of all HTTP objects), and saving it on my disk. This process is described here.
The question is that how can I do it in Tshark?
I don't know if TShark can do it, but you can use Chaosreader instead.
External links referenced by this document: