![Wireshark filter http and https](https://cdn1.cdnme.se/5447227/9-3/screenshot_7_64e629489606ee7f9d1b7a79.jpg)
Using the previous command to extract er_agent, this time extracting from a pcap rather than off the live interface. Parse User Agents and Frequency with Standard Shell Commands We could also use the parameter -E seperator=, to change the delimiter to a comma.
![wireshark filter http and https wireshark filter http and https](https://linuxhint.com/wp-content/uploads/2019/09/2.png)
The default separator for the fields in the output above is TAB. Tshark -i wlan0 -Y http.request -T fields -e http.host -e er_agent Mozilla/5.0 (X11 Ubuntu Linux x86_64 rv:36.0) Gecko/20100101 Firefox/36.0
![wireshark filter http and https wireshark filter http and https](https://samsclass.info/152/proj/p9vt4.png)
Using the -T we specify we want to extract fields, and with the -e options we identify which fields we want to extract. In the following example, we extract data from any HTTP requests that are seen. Capture Packets with Tshark tshark -i wlan0 -w capture-output.pcap Read a Pcap with Tshark tshark -r capture-output.pcap HTTP Analysis with Tshark As you can see, the syntax for capturing and reading a pcap is very similar to tcpdump.
![wireshark filter http and https wireshark filter http and https](https://unit42.paloaltonetworks.com/wp-content/uploads/2020/08/word-image-12.jpeg)
Use these as the basis for starting to build your extraction commands.
![Wireshark filter http and https](https://cdn1.cdnme.se/5447227/9-3/screenshot_7_64e629489606ee7f9d1b7a79.jpg)