how can i setup tshark to capture full URL uri request ip and time stamp

Question

How can I setup tshark to capture full URL uri request ip and time stamp.

I have tried this:

tshark -V -R "tcp.port ==80 && (http.request || http.response)" | awk "/Hypertext Transfer Protocol/,/Frame/ { print };/Transmission Control Protocol/{print};/Internet Protocol/{print}" | grep -v Frame

Also I want to capture DNS requests with this.

Can I capture https URLs also with tshark or wireshark, like application data whatsapp, facebook app for android devices.

score 0 · Answer 1 · answered May 20 '16 at 18:00

0

Wireshark (and tshark) uses different formats for describing display filters and capture filters. The one you are using is a display filter.

You can find more information on how to capture HTTP here.

answered May 20 '16 at 18:00

lpacheco

157
2
9

how can i setup tshark to capture full URL uri request ip and time stamp

1 Answers1