Wireshark mailing list archives

Re: Redirecting Wireshark output through a socket


From: Eloy Paris <peloy () chapus net>
Date: Thu, 15 Oct 2009 18:54:26 -0400

On 10/15/2009 06:32 PM, Stephen Fisher wrote:

> On Oct 15, 2009, at 12:30 PM, Jeff Morriss wrote:
>
>> In that case you should probably use 'tshark' and you could (I suppose
>> this would work on Windows) do something like:
>>
>> tshark -V -r /some/cap/file | the_other_analyzer
>>
>> though I doubt that the commercial tool will really understand this
>> output...
>
> ... and the text is subject to change occasionally

There's also Packet Details Markup Language (PDML) output, selected via 
tshark's -T option. Since it's an XML-based format it may be easier to 
parse. If the commercial tool does not understand the output then the 
original poster could write a simple application to translate PDML to 
something that the commercial tool understands. The -T option has other 
options that may be useful, so it is probably something worth looking into.

Cheers,

Eloy Paris.-
netexpect.org
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
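
The PDML translation step suggested in the message above, as an added example (not part of the original post and not Wireshark code): a Python filter that streams PDML and emits one JSON object per packet. The sample PDML, the WANTED field list and the function names are constructed for illustration; real input would come from `tshark -T pdml -r <capture file>`.

```python
import io
import json
import xml.etree.ElementTree as ET

# Constructed sample shaped like `tshark -T pdml` output (not a real capture).
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml version="0" creator="wireshark">
 <packet>
  <proto name="geninfo" pos="0" showname="General information" size="60">
   <field name="num" pos="0" show="1" showname="Number" value="1" size="60"/>
  </proto>
  <proto name="ip" showname="Internet Protocol" size="20" pos="14">
   <field name="ip.src" showname="Source: 192.0.2.10" size="4" pos="26" show="192.0.2.10" value="c000020a"/>
   <field name="ip.dst" showname="Destination: 192.0.2.20" size="4" pos="30" show="192.0.2.20" value="c0000214"/>
  </proto>
  <proto name="http" showname="Hypertext Transfer Protocol" size="4" pos="54">
   <field name="http.host" showname="Host" size="4" pos="54" show="a&quot;,b" value="61222c62"/>
  </proto>
 </packet>
</pdml>
"""

# Assumption: the downstream tool only needs these fields.
WANTED = {"num", "ip.src", "ip.dst", "http.host"}

def pdml_packets(stream, wanted):
    """Yield one dict per <packet>, keeping only field names in `wanted`."""
    record = {}
    # iterparse streams the document, so a large capture is not loaded at once.
    for _event, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag == "field":
            name = elem.get("name")
            # Keep the first occurrence (outermost header when protocols nest).
            if name in wanted and name not in record:
                record[name] = elem.get("show", "")
        elif elem.tag == "packet":
            yield record
            record = {}
            elem.clear()  # drop the finished packet's children

def to_json_lines(stream, wanted=WANTED):
    # "show" values are derived from packet bytes, so they are untrusted;
    # json.dumps does the escaping instead of hand-built string output.
    return [json.dumps(r, sort_keys=True) for r in pdml_packets(stream, wanted)]

def demo():
    return to_json_lines(io.BytesIO(SAMPLE_PDML))

if __name__ == "__main__":
    print("\n".join(demo()))
```
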

