 | 1 | initial version |
I realize this is a very old question, but in case it helps, here's a solution:
Since each capture file contains only a single TCP stream, you can simply specify the stream number 0. For example:
tshark -q -r somefile.pcap -z follow,http,ascii,0
NOTE Most likely, you probably want to also use the -q option to suppress individual packet information from being displayed.
Refer to the tshark man page for more information about the -z follow ... option and its syntax.