Wireshark-users: Re: [Wireshark-users] Binary vs. Ascii data display
From: "Douglas Pratley" <Douglas.pratley@xxxxxxxxxx>
Date: Mon, 17 Dec 2007 16:49:19 -0000
I think TShark can already do what you want (parsing a capture file into ASCII); I think this feature went into 0.99.6.

Check out the -Tfields, -E and -e switches

    tshark -r <file> -T fields -E separator=, -e frame.time -e frame.time_delta -e frame.time_delta_displayed -e frame.time_relative -e frame.number ...

This will print out a CSV file with the given field values, one line per packet.

Cheers

Doug

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Yoav Newman
Sent: 17 December 2007 16:30
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Binary vs. Ascii data display

Dear Bae,

Thanks for the answer.

The thing I'm looking for is to manually identify each binary field vs. its ASCII value (e.g. the binary format fields which represent the "Arrival time" value, etc...).

The idea is to make an automatic tool which can parse a Wireshark binary capture file into its ASCII values.

Thanks again

Yoav Newman

On 12/17/07, Hansang Bae <hbae@xxxxxxxxxx> wrote:

Yoav Newman wrote:
> Dear Wireshark users:
>
> I need your help in order to be able to parse the "Wireshark" binary
> data into the below ASCII fields (see enclosed file):
> (in other words, to identify each binary field versus its ASCII value)
>
> Fields are:
> - Arrival time
> - Time delta from previous capture
> - Time delta from previous displayed
> - time since reference
> - frame number
> - frame length
> - capture length
>

So you just want to get the above values into an ASCII file?

If so, add the appropriate columns (edit, preference, User interface, Columns), then just print it out (file, print, check Out to File; check just the Packet Summary Line).

--

Thanks,
Hansang
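The field-by-field mapping asked about in the thread, as an added example that is not part of the original messages or of Wireshark's code: a parser for the classic libpcap file layout (24-byte global header, then a 16-byte record header per packet). It assumes the capture was saved in that format rather than pcapng and that timestamps do not run backwards; the function names and the sample bytes are constructed for illustration.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def fmt(us):
    return "%d.%06d" % divmod(us, 1_000_000)  # integer math, no float rounding

def build_sample_pcap():
    """Constructed sample: two frames, the second cut short by a 96-byte snaplen."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 96, 1)
    rec1 = struct.pack("<IIII", 1197910159, 250000, 60, 60) + b"\x00" * 60
    rec2 = struct.pack("<IIII", 1197910159, 750000, 96, 1514) + b"\x00" * 96
    return hdr + rec1 + rec2

def parse_pcap(data):
    """Return one dict per packet; keys follow Wireshark's frame.* field names."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"  # the magic number also reveals the writer's byte order
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    rows, offset, first, prev = [], 24, None, None
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        # Record header: ts_sec, ts_usec, captured length, original length.
        sec, usec, caplen, length = struct.unpack_from(endian + "IIII", data, offset)
        # Never trust caplen: bound it by the bytes actually present.
        if offset + 16 + caplen > len(data):
            raise ValueError("capture length overruns file at offset %d" % offset)
        ts = sec * 1_000_000 + usec
        first = ts if first is None else first
        rows.append({
            "frame.number": len(rows) + 1,
            "frame.time_epoch": fmt(ts),
            "frame.time_delta": fmt(ts - (ts if prev is None else prev)),
            "frame.time_relative": fmt(ts - first),
            "frame.len": length,
            "frame.cap_len": caplen,
        })
        prev = ts
        offset += 16 + caplen
    return rows

if __name__ == "__main__":
    for row in parse_pcap(build_sample_pcap()):
        print(",".join(str(v) for v in row.values()))
```

Frame number is not stored in the file; it is the record's position, and both deltas are derived from consecutive timestamps.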