 | 1 | initial version |
Best I can tell from the code, tshark does not support multiple -Y options - last one in wins.
case 'Y':
dfilter = optarg;
break;
Combine the -Y filters into one and add tcp.reassembled.data to the end to exclude the blank lines.
tshark -d tcp.port==1030,http -Y "ip.src==192.168.20.11 and tcp.srcport==1030 and http.request.method=='POST' and tcp.reassembled.data" -T fields -e tcp.reassembled.data -i vestas_sim_br