On Mon, Dec 17, 2007 at 06:30:10PM +0200, Yoav Newman wrote:
> Dear Bae,
>
> Thanks for the answer. The things I'm looking for is to manually identify
> each binary fiels vs. its ascii value.
> (e.g. the binary format fields which represent the "Arrival time" value,
> etc...)
> The idea is to make an automatic tool which can parse a Windshark binary
> capture file into its ASCII values.
That tool has already been written for you and is called "tshark", it
comes with the Wireshark distribution :-)
One of it's features is to specify which fields to output by using the
-Tfields option in combination with the -e <fieldname> -e <fieldname> ...
So something like :
tshark -r <Wireshark Binary Capture> -T fields -e frame.number -e frame.time ...
will get you what you want :-)
Hope this helps,
Cheers,
Sake
