Wireshark mailing list archives
Re: Automatic test for a dissector DLL
From: Douglas Wood <doug.wood () ieee org>
Date: Tue, 14 Dec 2010 06:29:57 -0500
The way I do this is to modify the printpdml code. I had similar requirements to "flatten" the hierarchy to create something more amenable to statistical analysis.

Dealing with PDML output that reaches 10 gigabytes of XML, all in one XML document, requires writing incredibly weird XML processing code. You certainly can't use DOM. It also takes a huge amount of CPU time, just dealing with XML.

But, wireshark is organized to call the PDML print code with all the fields. It is very easy to "flatten" the hierarchy and choose what to keep.

It is possible that the CSV print code is easier to modify and may do what you want with no modification. Either that mode did not exist when I started working my own modifications, or I just was clueless about where to get flattened data.

Sent from my iPad

On Dec 14, 2010, at 4:46 AM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

> Hi,
>
> One way or the other you'll have to script it. Take the tshark -V output, pull it through awk/sed/perl/<your favorite tool> to see where your protocol output starts (check lines starting at start-of-line for your protocol name) and go from there (until empty line).
>
> Thanks,
> Jaap
>
> On Tue, 14 Dec 2010 06:11:39 +0100, Andreas <AndreasSander1 () gmx net> wrote:
>> On 13.12.2010 23:52, didier wrote:
>>>>> tshark -V -r sample_file.pcap
>>>> Unfortunately I get the whole tree. I failed to specify that only my dissector's output is reported. How can I limit the output to one protocol level. As an example the TCP level would be great (without IP, Ethernet, Frame)?
>>> tshark -T pdml -r file.pcap and filter the xml output ?
>> Thanks. But this would also include all other protocols. But since I have to parse XML I have to "filter" anyway. So I need an XML library to do this...
>>
>> -- Andy
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
>> Archives: http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
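An added example, not part of the original thread or of Wireshark's code: one way to limit `tshark -T pdml` output to a single protocol and flatten its fields without building a DOM, by streaming the document one `<packet>` at a time. The function name `flatten_protocol` and the sample document are constructed for illustration; the code assumes PDML's `<packet>`/`<proto>`/`<field>` layout with `name` and `show` attributes.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample shaped like `tshark -T pdml` output (not a real capture).
SAMPLE_PDML = b"""<?xml version="1.0"?>
<pdml>
 <packet>
  <proto name="frame"><field name="frame.number" show="1"/></proto>
  <proto name="ip"><field name="ip.src" show="10.0.0.1"/></proto>
  <proto name="tcp">
   <field name="tcp.srcport" show="1234"/>
   <field name="tcp.flags" show="0x02">
    <field name="tcp.flags.syn" show="1"/>
   </field>
  </proto>
 </packet>
 <packet>
  <proto name="frame"><field name="frame.number" show="2"/></proto>
  <proto name="udp"><field name="udp.srcport" show="53"/></proto>
 </packet>
</pdml>
"""


def flatten_protocol(stream, proto_name):
    """Yield one flat [(field name, show value), ...] list per packet
    that contains a <proto name=proto_name> element."""
    context = ET.iterparse(stream, events=("start", "end"))
    _event, root = next(context)  # first event is the start of <pdml>
    for event, elem in context:
        if event != "end" or elem.tag != "packet":
            continue
        for proto in elem.iterfind("proto"):
            if proto.get("name") == proto_name:
                # iter() walks nested <field> elements in document order,
                # which flattens the hierarchy into one row.
                yield [(f.get("name"), f.get("show"))
                       for f in proto.iter("field")]
        # Drop finished packets so memory stays bounded on very large files.
        root.clear()


if __name__ == "__main__":
    for row in flatten_protocol(io.BytesIO(SAMPLE_PDML), "tcp"):
        print(row)
```

For an automated dissector test, the rows can be compared against a stored expected list for each sample capture; the stream argument can be any binary file object, including the stdout pipe of a `tshark` process.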
Current thread:
- Automatic test for a dissector DLL news.gmane.com (Dec 13)
- Re: Automatic test for a dissector DLL Christopher Maynard (Dec 13)
- Re: Automatic test for a dissector DLL didier (Dec 13)
- Re: Automatic test for a dissector DLL Andreas (Dec 13)
- Re: Automatic test for a dissector DLL Jaap Keuter (Dec 14)
- Re: Automatic test for a dissector DLL Douglas Wood (Dec 14)
- Re: Automatic test for a dissector DLL news.gmane.com (Dec 15)
- Re: Automatic test for a dissector DLL Andreas (Dec 13)