Wireshark mailing list archives

Re: Automatic test for a dissector DLL


From: Douglas Wood <doug.wood () ieee org>
Date: Tue, 14 Dec 2010 06:29:57 -0500

The way I do this is to modify the printpdml code.  I had similar requirements to "flatten" the hierarchy to create 
something more amenable to statistical analysis.  Dealing with PDML output that reaches 10 gigabytes of XML, all in one 
XML document, requires writing incredibly weird XML processing code.  You certainly can't use DOM.  It also takes a 
huge amount of CPU time, just dealing with XML.

But, wireshark is organized to call the PDML print code with all the fields.  It is very easy to "flatten" the 
hierarchy and choose what to keep.  It is possible that the CSV print code is easier to modify and may do what you want 
with no modification.  Either that mode did not exist when I started working my own modifications, or I just was 
clueless about where to get flattened data.

Sent from my iPad

On Dec 14, 2010, at 4:46 AM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

One way or the other you'll have to script it.
Take the tshark -V output, pull it through awk/sed/perl/<your favorite tool>
to see where your protocol output starts (check lines starting at start-of-line
for your protocol name) and go from there (until empty line).

Thanks,
Jaap

On Tue, 14 Dec 2010 06:11:39 +0100, Andreas <AndreasSander1 () gmx net>
wrote:
On 13.12.2010 23:52, didier wrote:
tshark -V -r sample_file.pcap

Unfortunately I get the whole tree. I failed to specify that only my
dissector's output is reported.

How can I limit the output to one protocol level. As an example the TCP
level would be great (without IP, Ethernet, Frame)?
tshark -T pdml -r file.pcap
and filter the xml output ?

Thanks. But this would also include all other protocols. But since I 
have to parse XML I have to "filter" anyway. So I need an XML library to 
do this...

--
Andy

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
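A script in the spirit of Jaap's suggestion, added here as an example and not part of the thread: it walks `tshark -V` text, treats column-0 lines as top-level protocol headers, and keeps only the subtree of the named protocol until the next header or the blank line that ends the frame. The sample output below is constructed and abbreviated; the function and its name are the example's own.

```python
import re
from typing import Dict, List

# Constructed, abbreviated sample of `tshark -V` output (two frames).
# Real output has many more fields; what matters is the layout: top-level
# protocol lines at column 0, fields indented, frames separated by a blank line.
SAMPLE_TSHARK_V = """\
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: Dec 13, 2010 23:52:00.000000000 CET
Ethernet II, Src: 00:11:22:33:44:55, Dst: 66:77:88:99:aa:bb
    Destination: 66:77:88:99:aa:bb
Internet Protocol Version 4, Src: 10.0.0.1, Dst: 10.0.0.2
    Time to live: 64
Transmission Control Protocol, Src Port: 40000, Dst Port: 80, Seq: 0, Len: 0
    Source Port: 40000
    Flags: 0x002 (SYN)
        .... .... ..1. = Syn: Set

Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Ethernet II, Src: 66:77:88:99:aa:bb, Dst: 00:11:22:33:44:55
Internet Protocol Version 4, Src: 10.0.0.2, Dst: 10.0.0.1
Transmission Control Protocol, Src Port: 80, Dst Port: 40000, Seq: 0, Ack: 1
    Source Port: 80
    Flags: 0x012 (SYN, ACK)
"""

def extract_protocol(text: str, proto_prefix: str) -> Dict[int, List[str]]:
    """Map frame number -> lines of the subtree whose column-0 header starts
    with proto_prefix.  The subtree ends at the next column-0 line or at the
    blank line that terminates the frame, exactly as Jaap describes."""
    result: Dict[int, List[str]] = {}
    frame_no = None
    capturing = False
    for line in text.splitlines():
        if not line.strip():              # blank line: end of this frame
            capturing = False
            continue
        if line[0] != " ":                # column 0: a new top-level protocol
            m = re.match(r"Frame (\d+):", line)
            if m:
                frame_no = int(m.group(1))
            capturing = line.startswith(proto_prefix)
            if capturing and frame_no is not None:
                result[frame_no] = [line]
            continue
        if capturing and frame_no in result:  # indented field of our protocol
            result[frame_no].append(line)
    return result
```

For a regression test of a dissector, run `tshark -V -r sample_file.pcap`, pass its stdout to `extract_protocol` with your protocol's header text, and compare the returned lines per frame against a stored expected copy.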