Ping a Specific Port

Question

pkaeding

Asked: 2018-02-15 22:00:24 +0800 CST2018-02-15 22:00:24 +0800 CST 2018-02-15 22:00:24 +0800 CST

How can I export more than 1000 http request bodies from a large pcap file?

772

I have a pcap file (~2.3G) containing HTTP requests. I need to extract the body of each request in some way that I can further process it. Each request in its own file would work well, but I can be flexible on that.

I found something promising in tshark, as this command does almost what I need:

tshark -r capture.pcap --export-objects "http,data"

I get a folder with a bunch of files in it, each one containing one request body.

However, it only outputs the first 1000 requests. How can I get the rest of the requests?

1 Answers

Voted

atrakh · Answer 1 · 2018-02-16T16:50:40+08:00

Best Answer

atrakh

2018-02-16T16:50:40+08:002018-02-16T16:50:40+08:00

Try running tshark -r events.pcap -Y "http.request" -T fields -e http.file_data.

-Y "http.request" - filters for packets which are http requests

-T fields -e http.file_data - sets the output fields to just the request body

EDIT: With a large file, you may need to split up your captures with a tool like editcap.

2

How can I export more than 1000 http request bodies from a large pcap file?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?