This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capture only packets that contain this http header-> Host: mydomain.com

0

hello i want to capture packets that contain this http header-> Host: mydomain.com if i use http.host display filter all data will be saved to disk and it becomes very large after few minutes is this possible ? or is there any kind of perl or python script written for this ?

asked 07 Oct '14, 09:23

Damen%20Salvatore's gravatar image

Damen Salvatore
1111
accept rate: 0%

One Answer:

0

You should set a capture filter:

port 80 and host mydomain.com
So Wireshark does not capture other packets. The display filter is like the name says only for hiding packets, so if you remove the filter other packets will show up.
Just a little Tutorial video about setting capture filters, click here.

answered 13 Oct '14, 10:18

lal12's gravatar image

lal12
367712
accept rate: 33%

edited 13 Oct '14, 10:22