exactly....thank you. I wasn't sure if this was possible from the command line.... using it this way, all the development should be in PERL/Ruby.

You're the best!

john
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fulko Hew
Sent: Friday, September 19, 2008 11:28 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Live HTTP Header Inspection - 2nd attempt

On Fri, Sep 19, 2008 at 10:47 AM, Sheahan, John <[EMAIL PROTECTED]> wrote:

> Hi guys....no one answered my last post regarding this topic so I'm posting it again.
>
> I am new to the list and have used the Wireshark GUI a lot in the past. I am in need of writing a script to look at some live HTTP headers and was thinking that if I were to use the command line version of Wireshark running on a Linux server, that I would somehow be able to write some either Perl or Ruby code to look at packets live and make some logical decisions based on the contents of the headers.
>
> I am trying to get some advice if I can use the Wireshark program itself from a Linux server to parse the headers with a script or do I need to use tcpdump somehow?
>
> Can anyone please point me in the right direction?

In a simplistic manner I think you're asking about using tcpdump or tshark like:

    tshark -f <capture filter> -R <display filter> ... | grep <any additional filters> | perl_program_for_post_analysis

For example:

    tshark -R 'http.request.method == "GET"' | perl -ne 'print $i++, "\n"'
_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
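
The pipeline suggested in the thread, carried one step further in Ruby: an added example, not code from any poster or from the Wireshark project. It assumes tshark is run with `-T fields` so each request arrives as one tab-separated line; the script name `http_watch.rb`, the method allowlist, the URI limit and the sample rows are all constructed for illustration.

```ruby
# Added example (not from the thread). Reads tab-separated tshark field output:
#   tshark -l -R 'http.request' -T fields -e ip.src -e http.request.method \
#     -e http.host -e http.request.uri -e http.user_agent | ruby http_watch.rb -
# -R is used as in the thread; current tshark releases spell it -Y.
require "stringio"

FIELDS = %i[src method host uri user_agent].freeze
ALLOWED_METHODS = %w[GET HEAD POST].freeze # constructed policy (assumption)
MAX_URI = 2048                             # constructed limit (assumption)

# Split one output line into a field hash; nil if the column count is wrong.
def parse_line(line)
  cols = line.chomp.split("\t", -1) # -1 keeps trailing empty columns
  cols.size == FIELDS.size ? FIELDS.zip(cols).to_h : nil
end

# The "logical decisions": reasons a request deserves a second look.
def findings(req)
  out = []
  out << "method #{req[:method]} not in allowlist" unless ALLOWED_METHODS.include?(req[:method])
  out << "missing Host header" if req[:host].empty?
  out << "missing User-Agent header" if req[:user_agent].empty?
  out << "URI longer than #{MAX_URI} bytes" if req[:uri].bytesize > MAX_URI
  out
end

# Yield one alert string per finding, as each line arrives on the pipe.
def inspect_stream(io)
  return enum_for(:inspect_stream, io) unless block_given?
  io.each_line do |line|
    req = parse_line(line)
    next unless req # skip tshark status lines and truncated rows
    findings(req).each do |why|
      yield "#{req[:src]} #{req[:method]} #{req[:host]}#{req[:uri]}: #{why}"
    end
  end
end

# Constructed sample rows, used when the script is not given "-".
SAMPLE = [
  ["192.0.2.10", "GET", "www.example.com", "/index.html", "Mozilla/5.0"],
  ["192.0.2.11", "TRACE", "www.example.com", "/", "Mozilla/5.0"],
  ["192.0.2.12", "GET", "", "/admin", ""],
  ["garbage line"]
].map { |row| row.join("\t") + "\n" }.join

$stdout.sync = true
source = ARGV.first == "-" ? $stdin : StringIO.new(SAMPLE)
inspect_stream(source) { |alert| puts alert }
```

The `-l` flag makes tshark flush after every packet, which is what lets the script react while the capture is still running instead of when the pipe buffer fills.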
