Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

First of all you should try to use dumpcap instead of tshark for a better performance.

You can then work with the advanced capture filters. According to the Wireshark site this filter should fulfill your needs to capture all HTTP GET requests:

dumpcap -i eth1 -f "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420"