Wireshark · Wireshark-dev: [Wireshark-dev] [PATCH] TShark input and output options

["Douglas Pratley" <Douglas.pratley@xxxxxxxxxx>]

Hi guys

 

This patch adds a new output format for TShark. This format displays arbitrary fields selected by the user, one line per packet, user-specified separator and quotes.

 

With some trepidation, I have ignored Gerald’s suggestion that it could be done by modifying only the -Toption, because I want to be able to specify the separator quite arbitrarily, and can’t think of a good way to wrap that up in one string along with the fields.

 

So the new options look like:

 

-Tfields –Eheader=y –Eseparator=, -Equote=n –e frame.number –e ip.addr –e udp

 

(-E options controlling format, -e field to print).

If desired, the –Tpdml option could be extended to be controlled by –e as well.

 

The patch also extends the behaviour of the –c and –a:filesize options. When reading a capture file, these are now allowed and control how much of the file is read (e.g. –c128 reads the first 128 packets). This applies only to TShark, as the code for reading / writing in Wideshark is more widely distributed and I didn’t have the time to analyze it fully.

 

Cheers

 

Doug

 

__________________________________________
Douglas Pratley
t +44 845 050 7640 | f +44 845 644 5436
a Detica | PO Box 383 | Horley | Surrey | RH6 7WX | UK
______________________________________________
www.detica.com

 

This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately.
Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies within the Detica Group plc group of companies.

Detica Limited is registered in England under No: 1337451.

Registered offices: Surrey Research Park, Guildford, Surrey, GU2 7YP, England.

Attachment: wp3_tshark.diff
Description: wp3_tshark.diff