Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to capture filter by tshark http.request Of traffic

Now I use is a display filter to collect.my lan traffic is relatively large, which will lead to a large number of temporary files under / var / TMP and insufficient hard disk capacity. What I do is

tshark -i eth1 -Y http.request

The - a option cannot be added because tshark will analyze the data even if it stops collecting, and adding the - a option will cause data loss.I want to get rid of most of the irrelevant traffic directly through the capture filter so that this will not happen