Hi guys
This patch adds a new output format for TShark. This format
displays arbitrary fields selected by the user, one line per packet,
user-specified separator and quotes.
With some trepidation, I have ignored Gerald’s
suggestion that it could be done by modifying only the -Toption, because I want
to be able to specify the separator quite arbitrarily, and can’t think of
a good way to wrap that up in one string along with the fields.
So the new options look like:
-Tfields –Eheader=y –Eseparator=, -Equote=n –e
frame.number –e ip.addr –e udp
(-E options controlling format, -e field to print).
If desired, the –Tpdml option could be extended to be controlled
by –e as well.
The patch also extends the behaviour of the –c and –a:filesize
options. When reading a capture file, these are now allowed and control how much
of the file is read (e.g. –c128 reads the first 128 packets). This applies
only to TShark, as the code for reading / writing in Wideshark is more widely
distributed and I didn’t have the time to analyze it fully.
Cheers
Doug
__________________________________________
Douglas Pratley
t +44 845 050 7640 | f
+44 845 644 5436
a Detica | PO
Box 383 | Horley | Surrey | RH6 7WX | UK
______________________________________________
www.detica.com
