On Fri, Sep 19, 2008 at 10:47 AM, Sheahan, John <[EMAIL PROTECTED]> wrote:

>  Hi guys....no one answered my last post regarding this topic so I'm
> posting it again.
>
> I am new to the list and have used the Wireshark GUI a lot in the past. I am
> in need of writing a script to look at some live http headers and was
> thinking that if I were to use the command line version of wireshark running
> on a linux server, that I would somehow be able to write some either Perl or
> Ruby code to look at packets live and make some logical decisions based on
> the contents of the headers.
>
> I am trying to get some advice if I can use the wireshark program itself
> from a linux server to parse the headers with a script or do I need to use
> tcpdump somehow?
>
> Can anyone please point me in the right direction?
>

In a simplistic manner I think you're asking about using tcpdump or tshark
like:

tshark -f <capture filter> -R <display filter> ... | grep <any additional filters> | perl_program_for_post_analysis

For example:

tshark -R 'http.request.method == "GET"' | perl -ne 'print $i++'
_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
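
The pipeline suggested in the reply, carried through in Ruby as an added example (not code from the thread or from the Wireshark project): tshark emits one tab-separated line per HTTP request and the script decides which requests to flag. The interface name, the chosen fields, the script name http_watch.rb and the flagging policy are assumptions.

```ruby
# Added example: consume tshark's tab-separated field output line by line.
# Assumed producer (eth0 and the field list are assumptions):
#   tshark -l -i eth0 -f 'tcp port 80' -Y http.request -T fields \
#     -e ip.src -e http.request.method -e http.host \
#     -e http.request.uri -e http.user_agent | ruby http_watch.rb --live
# -l flushes after every packet so requests arrive as they happen.
# Older tshark builds (as in the thread) take the display filter with -R.

FIELDS = %i[src method host uri user_agent].freeze
EXPECTED_METHODS = %w[GET HEAD POST].freeze # hypothetical site policy
MAX_URI_BYTES = 2048                        # hypothetical threshold

# Split one output line into a hash; tshark leaves absent fields empty.
def parse_line(line)
  values = line.chomp.split("\t", -1)
  return nil unless values.length == FIELDS.length
  FIELDS.zip(values).to_h
end

# Reasons a request deserves a second look (empty array means none).
def findings(req)
  out = []
  out << "unexpected method #{req[:method]}" unless EXPECTED_METHODS.include?(req[:method])
  out << "missing Host header" if req[:host].empty?
  out << "missing User-Agent" if req[:user_agent].empty?
  out << "long URI (#{req[:uri].bytesize} bytes)" if req[:uri].bytesize > MAX_URI_BYTES
  out
end

# Works on anything with each_line (STDIN live, or a String of samples).
def scan(source)
  source.each_line.filter_map do |line|
    req = parse_line(line) or next   # skip lines that are not 5 fields
    reasons = findings(req)
    [req, reasons] unless reasons.empty?
  end
end

# Constructed sample lines in the format the command above emits.
SAMPLE = [
  "192.0.2.10\tGET\twww.example.com\t/index.html\tMozilla/5.0",
  "192.0.2.11\tTRACE\twww.example.com\t/\tMozilla/5.0",
  "192.0.2.12\tGET\t\t/admin\t",
  "malformed line"
].join("\n")

scan(ARGV.first == "--live" ? $stdin : SAMPLE).each do |req, why|
  puts "#{req[:src]} #{req[:method]} #{req[:uri]}: #{why.join(', ')}"
end
```

Run without arguments it processes the constructed sample; with --live it reads the tshark pipe on standard input.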