Is it possible to copy multiple URIs at once in Wireshark 1.6.5?
Right now, when Wireshark displays an http GET command of interest, I select the packet, then right click on the Full Request URI under "Hypertext Transfer Protocol", "Copy", then "Value". When there are hundreds of URIs to copy, it becomes maddening.
Ideally, I would like to select the packets with ctrl+click, shift+click or ctrl+A, then right click and copy Full URIs.
Is there any way to get the full URIs faster than how I'm doing now ?
Thank you very much for your help!
asked 21 Jan '12, 18:12
-T pdml|ps|psml|text|fields format of text output (def: text) -e <field> field to print if -Tfields selected (e.g. tcp.port);$ tshark -r clmt_04.pcap -T fields -e http.request.full_uri | sort | uniq > http.request.full_uri.txt
Thank you very much, joke!
I got it working but using this:
It's not as good as I'd hope, but at least it's working. Do you think it would be a worthy feature to implement in Wireshark? Being able to copy one type of information from multiple packets? I, for one, would love that.
answered 23 Jan '12, 05:51
You get a better result, when you use TShark together with sort and uniq:
$ tshark -r test.pcap -T fields -e frame.number -e eth.src -e eth.dst -e ip.src -e ip.dst -e frame.len > test1.csv
You can also file an enhancement bug at Bugzilla.
answered 23 Jan '12, 11:10