Packet payload from pcap files
Hello,
As part of a research experiment, we need to use a web proxy and direct certain users from their computers through that web-proxy. Given that we do not have access to DHCP logs (this is on a college campus), we have asked each user to go through the proxy using a different port number so we can differentiate between them. Now as a result of doing this, the entire TCP packet is encapsulated as payload data within the captured packet (using tshark to capture the packets). Now I need to be able to parse the payload for statistics including the URL. I am not sure how best to proceed. I cannot find a utility that will just output the payload and then I can probably parse the output. Any pointers? Thanks, |
So You probably need a filter that catch the URLs. In Wireshark it would be sth like ' http == givenaddress.com '.
|
All times are GMT -5. The time now is 05:57 AM. |