First of all, you should try to use dumpcap instead of tshark for better performance.

You can then work with the advanced capture filters. According to the Wireshark site, this filter should fulfill your needs to capture all HTTP GET requests:

dumpcap -i eth1 -f "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420"
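
What the capture filter above computes, as an added example that is not part of the original answer or of Wireshark: the Python below mirrors the BPF expression on a raw TCP segment. The function names and the sample segments are constructed for this illustration.

```python
import struct

GET_MAGIC = 0x47455420  # ASCII "GET " including the trailing space

def tcp_payload_offset(segment: bytes) -> int:
    """Mirror of (tcp[12:1] & 0xf0) >> 2.

    The high nibble of byte 12 is the TCP data offset in 32-bit words.
    (b & 0xf0) >> 4 yields words, times 4 yields bytes, hence >> 2.
    """
    return (segment[12] & 0xF0) >> 2

def matches_http_get(segment: bytes) -> bool:
    """Mirror of tcp[<payload offset>:4] = 0x47455420."""
    if len(segment) < 13:
        return False  # byte 12 is not readable
    off = tcp_payload_offset(segment)
    if len(segment) < off + 4:
        return False  # BPF rejects the packet on an out-of-bounds load
    (word,) = struct.unpack_from("!I", segment, off)  # 4 bytes, big-endian
    return word == GET_MAGIC

def build_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample segment: 20-byte header, options, payload."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to 32-bit words")
    words = 5 + len(options) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1,
                         words << 4, 0x18, 65535, 0, 0)
    return header + options + payload

# Constructed options: NOP, NOP, timestamp (kind 8, length 10) = 12 bytes
TS_OPTIONS = b"\x01\x01\x08\x0a" + bytes(8)

SAMPLES = {
    "GET, no options": build_segment(b"GET /index.html HTTP/1.1\r\n"),
    "GET, timestamp options": build_segment(b"GET / HTTP/1.1\r\n", TS_OPTIONS),
    "POST": build_segment(b"POST /login HTTP/1.1\r\n"),
    "bare ACK": build_segment(b""),
    "GET not at payload start": build_segment(b"\r\nGET / HTTP/1.1\r\n"),
}

def classify_samples() -> dict:
    return {name: matches_http_get(seg) for name, seg in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:28s} {'captured' if hit else 'dropped'}")
```

Only segments whose payload begins with "GET " pass, so the resulting capture holds the request packets alone, without the TCP handshake or the server's responses.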