Hello list,
I can't find the solution for following problem: I have a tcpdump
capture file from which I'd like to extract all HTTP POST requests (with
their payload).
When I do something like this:
tshark -V -T text -R 'http.request and http.request.method == "POST"'
-r /tmp/tpdump.out
the POST content is truncated, e.g. for example captured PNG upload
shows only information about encapsulated chunks of data, not the data
itself.
However when I add the "-x" option to tshark, I can see this data
reassembled (but also in hex dump which I don't need).
Is there a way to extract this data? What I need is a tshark equivalent
to "export selected bytes as..." option found in wireshark.
--
Tomasz Marciniak
