Re: Possible New Option for Tshark?

[Guy Harris <guy () alum mit edu>]

On Oct 22, 2010, at 9:43 PM, Stephen Fisher wrote:

> On Thu, Oct 21, 2010 at 03:29:36PM -0500, Craig Votava wrote:
>
> > I wrote a Perl script that feeds pcap data to an instance of tshark 
> > running in a child process, then takes the decoded output to present 
> > to the user.
> >
> > The problem is that I don't know when tshark is done sending output 
> > back to me.
>
> How about using "pdml" or "psml" with the -T option.

...especially given that the default ("-T text") output of TShark is designed for humans, not programs, to read.  If 
your program can read it, great, but if it's easier for it to read PSML or PDML....

(Yes, I know about the UNIX philosophy with respect to program output.  At times, it can lead to output that's 
suboptimal for humans to read but not *quite* as parsable by software as one might like, i.e. it can sacrifice human 
readability without gaining sufficient program readability to make up for it - sometimes you might as well just have 
two separate formats and be done with it.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe