Ask Your Question

Revision history [back]

tshark -G fields will display all fields that may be used in display filters.

To then only see http fields, use your shell filter capabilities, e.g. for PowerShell:

tshark -G fields | Select-String -SimpleMatch "http."

Note that Powershell Select-String defaults to using a regex pattern so the "." would have to be escaped. Using the SimpleMatch flag disables the regex.

If you want ALL http fields (http, http2, http3) then I would use a regex to select those fields, e.g.

tshark -G fields | Select-String "http[2|3]?\."