Wireshark mailing list archives
Re: Possible New Option for Tshark?
From: Stephen Fisher <steve () stephen-fisher com>
Date: Tue, 26 Oct 2010 09:17:47 -0600
On Mon, Oct 25, 2010 at 08:45:33AM -0500, Craig Votava wrote:
My tool is a real-time GUI for analyzing trace output. When the user clicks on a message, I want a selected portion of the ASCII tshark output (the meat of the message without the IP headers) slapped up in a window quickly.
Have you taken a look at rawshark, which comes with Wireshark? I've never worked with it, but figured that I would let you know it exists in case it could be helpful. From rawshark.c: /* * Rawshark does the following: * - Opens a specified file or named pipe * - Applies a specfied DLT or "decode as" encapsulation * - Reads frames prepended with a libpcap packet header. * - Prints a status line, followed by fields from a specified list. */ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Possible New Option for Tshark? Craig Votava (Oct 22)
- Re: Possible New Option for Tshark? Stephen Fisher (Oct 22)
- Re: Possible New Option for Tshark? Guy Harris (Oct 22)
- Re: Possible New Option for Tshark? Mark Landriscina (Oct 24)
- Re: Possible New Option for Tshark? Guy Harris (Oct 22)
- <Possible follow-ups>
- Re: Possible New Option for Tshark? Craig Votava (Oct 26)
- Re: Possible New Option for Tshark? Stephen Fisher (Oct 26)
- Re: Possible New Option for Tshark? Stephen Fisher (Oct 22)