System Administration & Network Administration
http wireshark packet-capture tshark sniffing
Updated Tue, 20 Sep 2022 23:27:00 GMT

How to perform Wiresharks File->Extract Objects->HTTP through Tshark commandline interface?

Using TShark, I want to be able to extract the payload in HTTP response from packets data captured through tshark in a .pcap file.

In the Wireshark GUI, I was able to do that by File > Extract Objects > HTTP, and then choosing a file from the HTTP Objects dialog (which shows a list of all HTTP objects), and saving it on my disk. This process is described here.

The question is that how can I do it in Tshark?


I don't know if TShark can do it, but you can use Chaosreader instead.

Comments (1)

  • +0 – Thank you. I got the HTTP payload, but I also want source and destination IPs as well as port numbers. Can you guide me a bit about how to get those. I posted a question here. — Aug 28, 2016 at 06:21