Revision history

When I try the command it does output http.response_for.uri during live capture. Are you capturing encrypted streams (https)?

Instead of using a field in the http response referring to the request, you can also use the field(s) from the actual http request:

tshark -i 4 -T fields -e http.request.full_uri -Y "http.request and http"

http.response_for.uri is a calculated field populated during the second pass. A 2-pass analysis cannot be combined with live capture.

Instead of using a field in the http response referring to the request, you can also use the field(s) from the actual http request:

tshark -i 4 -T fields -e http.request.full_uri -Y "http.request and http"
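
An added example, not part of the original answer: one way to get the request URI next to each response during a live capture, by pairing request and response lines from tshark's own field output per TCP stream instead of relying on http.response_for.uri. It assumes cleartext HTTP/1.x with one HTTP message per frame; the tshark field selection in the comment, the function name and the sample lines are this example's own choices.

```python
import sys
from collections import defaultdict, deque

# Assumed producer (field selection is this example's choice, not the page's):
#   tshark -i 4 -l -T fields -e tcp.stream -e http.request.full_uri \
#          -e http.response.code -Y "http.request or http.response"
# Each line: stream <TAB> full_uri <TAB> status, with unused fields left empty.

def pair_responses(lines):
    """Yield (stream, uri, status) for every response line.

    uri is None when the matching request was never captured, for example
    when the capture started in the middle of a connection.
    """
    pending = defaultdict(deque)  # tcp.stream -> URIs still awaiting a response
    for line in lines:
        # Strip only the line ending: trailing tabs mark empty fields.
        parts = line.rstrip("\r\n").split("\t")
        if len(parts) != 3 or not parts[0]:
            continue  # not a line in the expected three-field layout
        stream, uri, status = parts
        if uri:
            pending[stream].append(uri)
        if status:
            queue = pending[stream]
            if not queue:
                yield stream, None, status
            elif status.startswith("1"):
                # Interim 1xx responses do not complete the request.
                yield stream, queue[0], status
            else:
                # HTTP/1.x answers in request order, so FIFO handles pipelining.
                yield stream, queue.popleft(), status

# Constructed sample input: pipelined requests on stream 0, a response on
# stream 1 whose request was not captured, and a 100 Continue on stream 2.
SAMPLE = [
    "0\thttp://example.test/a\t\n",
    "0\thttp://example.test/b\t\n",
    "1\t\t200\n",
    "0\t\t200\n",
    "0\t\t404\n",
    "2\thttp://example.test/upload\t\n",
    "2\t\t100\n",
    "2\t\t201\n",
]

if __name__ == "__main__":
    for stream, uri, status in pair_responses(sys.stdin):
        print(f"{stream}\t{status}\t{uri or '-'}")
```

Pipe the tshark command from the comment into the script to run it on live traffic.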