Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-12-06 16:53:27 +0000

Chuckc gravatar image 
$ tshark -r ./ultpcap2.pcapng -Y "frame contains \"http\""  | wc
    105    1589   16286

$ tshark -r ./ultpcap2.pcapng -Y "tcp contains \"http\""  | wc
     59     802    7940

The search string needs double quotes that are "escaped" since the string passed to -Y also needs quotes.
Brief discussion here in a question about tshark.