4

I am trying to capture only packets that contain requests to a certain API endpoint, so I tried to filter using the following:

 tshark -i 2 -f 'port 80' -T pdml http.request.uri contains "/google/"

However I keep getting the following error:

tshark: A capture filter was specified both with "-f" and with additional 
command-line arguments.

Tried removing the -f, but that did not help either. Any suggestions?

e.g. URL: https://testAPI.com/termsearch/google/application

vbNewbie

1 Answer

5

Your tshark command is incorrect. To specify a Wireshark display filter, you need to use the -Y option.

Windows:

tshark -i 2 -T pdml -Y "http.request.uri contains \"/google/\""

*nix:

tshark -i 2 -T pdml -Y 'http.request.uri contains "/google/"'
Christopher Maynard
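
Added example (not part of the original question or answer): one way to consume the PDML that the `-T pdml -Y ...` command above writes, pulling the source address, host and URI out of each matching packet. The embedded PDML is a constructed sample shaped like tshark output, and the helper names `first_show` and `matching_requests` are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

# Constructed PDML sample (not captured traffic), shaped like `tshark -T pdml` output.
SAMPLE_PDML = """<?xml version="1.0"?>
<pdml>
 <packet>
  <proto name="ip"><field name="ip.src" show="192.0.2.10"/></proto>
  <proto name="http">
   <field name="" show="GET /termsearch/google/application HTTP/1.1">
    <field name="http.request.uri" show="/termsearch/google/application"/>
   </field>
   <field name="http.host" show="testAPI.com"/>
  </proto>
 </packet>
 <packet>
  <proto name="ip"><field name="ip.src" show="192.0.2.11"/></proto>
  <proto name="http">
   <field name="" show="GET /termsearch/other HTTP/1.1">
    <field name="http.request.uri" show="/termsearch/other"/>
   </field>
  </proto>
 </packet>
 <packet><proto name="tcp"><field name="tcp.port" show="80"/></proto></packet>
</pdml>
"""

def first_show(packet, field_name):
    """Return the 'show' value of the first field with this name, at any depth."""
    for field in packet.iter("field"):
        if field.get("name") == field_name:
            return field.get("show")
    return None  # field absent, e.g. a bare TCP segment

def matching_requests(pdml_stream, needle="/google/"):
    """Stream <packet> elements; keep those whose request URI contains needle."""
    hits = []
    for _event, elem in ET.iterparse(pdml_stream, events=("end",)):
        if elem.tag != "packet":
            continue  # nested fields must stay intact until their packet closes
        uri = first_show(elem, "http.request.uri")
        if uri is not None and needle in uri:  # case-sensitive, like `contains`
            hits.append((first_show(elem, "ip.src"), first_show(elem, "http.host"), uri))
        elem.clear()  # drop the packet's children so long captures stay small
    return hits

if __name__ == "__main__":
    for src, host, uri in matching_requests(io.BytesIO(SAMPLE_PDML.encode())):
        print(src, host, uri)
```

To run it on real output, pipe the tshark command into the script and pass `sys.stdin.buffer` to `matching_requests` instead of the sample. The `http.request.uri` field exists only where tshark can dissect cleartext HTTP, so requests sent over HTTPS, like the question's example URL, will not match unless TLS decryption is configured.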