 | 1 | initial version |
First of all you should try to use dumpcap instead of tshark for a better performance.
You can then work with the advanced capture filters. According to the Wireshark site this filter should fulfill your needs to capture all HTTP GET requests:
dumpcap -i eth1 -f "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420"
