Ethereal-users: [Ethereal-users] POST payload filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Julio Cesar Ody <julioody@xxxxxxxxx>
Date: Wed, 18 May 2005 14:32:48 +1000
Hi all,

I'm trying to build a filter to capture HTTP POST payloads. So far,
what I did is look into the HTTP packet and check for the existence of
a string I KNOW is going to be there. Here's what happens:

$ sudo tethereal -i eth0 -R 'http contains "username"'
Capturing on eth0
  4.182450 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.182456 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.182464 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.182881 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.408846 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.408852 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.408859 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  4.409274 202.92.95.110 -> 192.168.0.249 HTTP Continuation or non-HTTP traffic
  6.317624 192.168.0.249 -> 202.92.95.110 HTTP Continuation or non-HTTP traffic (application/x-www-form-urlencoded)


I can see it means that more than one packet is being used to transfer
what I'm looking for. So my question is: is there a way to display the
actual POST payload? How?


Thanks a lot.

-- 
Julio C. Ody
http://rootshell.be/~julioody