How to capture filter by tshark http.request Of traffic
Now I use is a display filter to collect.my lan traffic is relatively large, which will lead to a large number of temporary files under / var / TMP and insufficient hard disk capacity. What I do is
tshark -i eth1 -Y http.request
The - a option cannot be added because tshark will analyze the data even if it stops collecting, and adding the - a option will cause data loss.I want to get rid of most of the irrelevant traffic directly through the capture filter so that this will not happen