Wireshark-bugs: [Wireshark-bugs] [Bug 1444] New TShark output format with user-defined fields
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1444
------- Comment #3 from douglas.pratley@xxxxxxxxxx 2007-03-26 08:20 GMT -------
I don't know about the separator sub-options; I'm reluctant to use whole words
as that would make it harder to extend the separator to multiple characters in
future. If it's too error-prone to use '\' on UNIX and to have to escape it,
shall we just switch to '/t' and '/s'?
*I have missed updating the full -T option information in the tshark.pod file.
This needs doing but it might be easier to send in another patch than to redo
this one. Something like the examples below would be useful.*
The purpose of the patch is to provide a new output format (so it is
independent of -V): single line record per-packet with the fields chosen by the
user, with configuration options to control separator, quoting and whether a
header line is printed. It also extends some existing options behaviour (-c and
-a:filesize) so that they affect reading a file as well as writing one, so that
only the first <n> packets or bytes are read).
e.g.
> tshark -T fields -e frame.number -e ip.host -r test.pcap -c 3
1
2 192.168.0.2
3 192.168.0.2
> tshark -T fields -e frame.number -e ip.host -r test.pcap -c 3 -Eheader=y -Equote=d -Eseparator=,
"frame.number","ip.host"
"1",
"2","192.168.0.2"
"3","192.168.0.2"
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.