Quickly Find Web Servers In Large Capture Files

Sorry, used the version for 1.8 – corrected.

 tshark -nn -r big_honking_capture_file.pcap -Y 'http.server == "Apache" || http.server == "nginx"' -T fields -e ip.src -e tcp.srcport -e ip.dst -e http.server -e http.location
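
The command prints one row per matching HTTP response, so a busy server in a large capture yields many near-identical rows. As an added example (not from the original post), the shell function below collapses that tab-separated output into one line per server with response, distinct-client and redirect counts; the function names and sample rows are constructed for illustration.

```shell
# Added example: summarize the tshark -T fields output from the command above.
# Input columns (tab-separated, tshark default):
#   ip.src, tcp.srcport, ip.dst, http.server, http.location
# Output columns:
#   server IP, port, Server header, responses, distinct clients, redirects
summarize_servers() {
    awk -F'\t' '
        NF >= 4 && $1 != "" {
            key = $1 "\t" $2 "\t" $4          # server IP, port, Server header
            responses[key]++
            if (!((key, $3) in seen)) {       # count each client IP once per server
                seen[key, $3] = 1
                clients[key]++
            }
            if ($5 != "") redirects[key]++    # responses carrying a Location header
        }
        END {
            for (key in responses)
                printf "%s\t%d\t%d\t%d\n", key, responses[key], clients[key], redirects[key]
        }
    ' | sort -t "$(printf '\t')" -k1,1 -k2,2n
}

# Constructed sample rows using documentation addresses, not real capture data.
sample_rows() {
    printf '192.0.2.10\t80\t198.51.100.5\tnginx\t\n'
    printf '192.0.2.10\t80\t198.51.100.6\tnginx\thttp://example.test/login\n'
    printf '192.0.2.10\t80\t198.51.100.5\tnginx\t\n'
    printf '192.0.2.20\t8080\t198.51.100.5\tApache\t\n'
}

sample_rows | summarize_servers
```

Against a real capture, pipe the tshark command's output into `summarize_servers` in place of `sample_rows`.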

Tshark to the rescue…

Source: http://jeffsoh.blogspot.com
