This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark displaying http headers

Hello, I have a capture file and need to display just the source and destination addresses and ports along with the HTTP request and response headers. I have done a lot of searching but haven't found the correct tshark command to accomplish this task. I want to use tshark because the Windows UI for Wireshark is inaccessible for a blind user.

Any tips would be greatly appreciated.

asked 11 Dec '14, 10:03

dnraikes

Are you looking for all the http headers, e.g. Content-Length etc., or do you want just the request URI and the response code?

For accessibility, have you tried the QT version of Wireshark to determine if it suits your needs any better?

(11 Dec '14, 10:43) grahamb ♦

I am looking for all headers. I am using this to help in preparing scripts for fuzzing a web application so I need to see all the headers.

I haven't tried the Qt version of Wireshark yet, but I will take a look at it.

(11 Dec '14, 16:20) dnraikes

One Answer:

I don't think getting all the headers is very easy. There is no filter field that contains all the headers; instead, each header is given its own filter. Users can also define custom headers, each with their own filter field.

As it stands the best option may be to use the pdml output of tshark and post-process that, e.g. using the -T pdml option.

You might also consider raising an enhancement request on the Wireshark Bugzilla to add all http headers to a single filter field, e.g. http.headers so that could then be output using the -e option, but this might be difficult as headers are CRLF separated and that would be awkward for tshark output. Maybe they could be delimited by some other character.

answered 12 Dec '14, 01:40

grahamb ♦

Hi, so I tried the QT version of Wireshark and it is not accessible either (on Windows); on Linux it is fine.

I have decided that what I really need at the moment is the request uri / http version and the response status. This is just an initial test of a fuzzing run.

(10 Jul '15, 10:00) dnraikes
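
The PDML post-processing suggested in the answer, as an added example that is not part of the original thread: it prints source and destination address:port followed by the HTTP start line and every header line, as plain text suitable for a terminal or screen reader. The sample PDML is constructed, and treating the direct children of the `http` proto whose display text ends in a literal `\r\n` as header lines (skipping fields marked `hide="yes"`) is an assumption about tshark's PDML layout.

```python
import sys
import xml.etree.ElementTree as ET
EOL = "\\r\\n"  # tshark shows CR LF in PDML as these four literal characters
# Constructed sample, shaped like `tshark -r capture.pcap -Y http -T pdml` output.
SAMPLE_PDML = r"""<pdml>
<packet>
 <proto name="ip"><field name="ip.src" show="192.0.2.10"/><field name="ip.dst" show="198.51.100.5"/></proto>
 <proto name="tcp"><field name="tcp.srcport" show="51514"/><field name="tcp.dstport" show="80"/></proto>
 <proto name="http">
  <field name="" show="GET /login HTTP/1.1\r\n"><field name="http.request.uri" show="/login"/></field>
  <field name="http.host" showname="Host: app.example\r\n" show="app.example"/>
  <field name="http.request.line" showname="Host: app.example\r\n" hide="yes" show="Host: app.example\r\n"/>
  <field name="" show="\r\n"/>
 </proto>
</packet>
<packet>
 <proto name="ip"><field name="ip.src" show="198.51.100.5"/><field name="ip.dst" show="192.0.2.10"/></proto>
 <proto name="tcp"><field name="tcp.srcport" show="80"/><field name="tcp.dstport" show="51514"/></proto>
 <proto name="http">
  <field name="" show="HTTP/1.1 302 Found\r\n"><field name="http.response.code" show="302"/></field>
  <field name="http.location" showname="Location: /home\r\n" show="/home"/>
  <field name="http.time" showname="[Time since request: 0.01 seconds]" show="0.01"/>
 </proto>
</packet>
</pdml>"""

def show(pkt, *names):  # first `show` value among the named fields, "?" if absent
    return next((f.get("show") for f in pkt.iter("field") if f.get("name") in names), "?")

def http_lines(proto):
    """Start line and header lines: direct children whose text ends in a literal \\r\\n."""
    texts = [f.get("showname") or f.get("show") or ""
             for f in proto.findall("field") if f.get("hide") != "yes"]
    return [t[:-len(EOL)] for t in texts if t.endswith(EOL) and t != EOL]

def summarize(pdml):
    rows = []
    for pkt in ET.fromstring(pdml).iter("packet"):
        for proto in pkt.findall("proto[@name='http']"):
            src = f'{show(pkt, "ip.src", "ipv6.src")}:{show(pkt, "tcp.srcport")}'
            dst = f'{show(pkt, "ip.dst", "ipv6.dst")}:{show(pkt, "tcp.dstport")}'
            rows.append((src, dst, http_lines(proto)))
    return rows

if __name__ == "__main__":
    pdml = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDML
    for src, dst, lines in summarize(pdml):
        print(f"{src} -> {dst}", *lines, sep="\n    ")
```

Run without arguments it processes the embedded sample; given a file name it reads PDML saved from tshark with `-T pdml`.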