1 | initial version |
Answering my own question. After some trial and error, I found that the field http.file_data is what I'm looking for
tshark -r capture.pcap -T fields -e http.file_data http.response_number eq 1
The only documentation I can find for http.file_data is here. All it says is
http.file_data File Data Character string 2.2.0 to 3.0.1
Is there a better definition somewhere? I may not be looking in the correct place.
2 | No.2 Revision |
Answering my own question. After some trial and error, I found that the field http.file_data is what I'm looking for
tshark -r capture.pcap -T fields -e http.file_data http.response_number eq 1 and tcp.stream eq 4
The only documentation I can find for http.file_data is here. All it says is
http.file_data File Data Character string 2.2.0 to 3.0.1
Is there a better definition somewhere? I may not be looking in the correct place.