author | Peter Wu <peter@lekensteyn.nl> | 2014-09-29 14:51:04 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2014-09-29 14:51:04 +0200 |
commit | f3aa7bcc59bd4cd697a84009bb8e447ee5b78fcd (patch) | |
tree | 821ac06bb8dacf087f553e22c3944fbe80de0a22 /tshark-http2urls.awk | |
parent | 437e36be81de4985cd9100fac4a91f1d4f131661 (diff) | |
download | wireshark-notes-f3aa7bcc59bd4cd697a84009bb8e447ee5b78fcd.tar.gz |
tshark-http2urls.awk: helper to retrieve HTTP info
Prints Last-Modified, Content-Length and URL for tshark -O http output.
Used for analyzing a vc_web install capture.
Diffstat (limited to 'tshark-http2urls.awk')
-rwxr-xr-x | tshark-http2urls.awk | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/tshark-http2urls.awk b/tshark-http2urls.awk
new file mode 100755
index 0000000..3103c8e
--- /dev/null
+++ b/tshark-http2urls.awk
@@ -0,0 +1,62 @@
+#!/usr/bin/awk -f
+# Shows URLs from a tshark -O http dump
+BEGIN {
+ FS = "[ :]+";
+ OFS = "\t";
+}
+function find(regex, haystack) {
+ haystack = $0;
+ regex = "^ *\\[" regex ": ";
+ if (haystack ~ regex) {
+ sub(regex, "", haystack); sub(/\]$/, "", haystack);
+ $0 = haystack;
+ return 1;
+ }
+ return 0;
+}
+
+/^Frame / {
+ frame_no = $2;
+ in_request = 0;
+ in_response = 0;
+}
+next_http {
+ if ($2 ~ /^HTTP\//) { # response
+ if ($3 == 200) {
+ in_request = 0;
+ in_response = 1;
+ }
+ } else { # request
+ if ($2 == "GET") {
+ in_request = 1;
+ in_response = 0;
+ }
+ }
+ next_http = 0;
+}
+/^Hypertext Transfer Protocol/ { next_http = 1; }
+
+in_request && find("Full request URI") {
+ urls[frame_no] = $0;
+}
+in_response {
+ n = split("Content-Length Last-Modified", header_names, " ");
+ for (i = 1; i <= n; i++) {
+ header_name = header_names[i];
+ if ($2 == header_name) {
+ sub("^ *" header_name ": ", ""); sub(/\\r\\n$/, "");
+ headers[header_name, frame_no] = $0;
+ }
+ }
+}
+# Print response if a request matched this frame number
+in_response && find("Request in frame") && urls[$1] {
+ req_frame_no = $1;
+ #printf("%-7d ", frame_no);
+ printf("%10d %-29s %s\n",
+ headers["Content-Length", frame_no],
+ headers["Last-Modified", frame_no],
+ urls[req_frame_no]);
+}
+
+# vim: set sw=4 et ts=4: |
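Review bot: The `next_http` rule only sets `in_request`/`in_response` for a GET or a 200 and never clears them for anything else, so the flags persist until the next `Frame` line. If one frame carries more than one HTTP message (pipelining or several reassembled PDUs), a later POST or non-200 response inherits the earlier state, and its `Full request URI` or headers overwrite the entries stored under the same `frame_no`. Clearing both at the top of the rule, `in_request = 0; in_response = 0;`, keeps the output limited to the GET/200 pairs the script means to report. Separately, a response without `Content-Length` (for example a chunked one) is printed as `0` by `%10d`, which looks the same as a genuinely empty body when reviewing what an installer downloaded.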