On Thu, Apr 11, 2002 at 12:43:15PM +0100, Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx wrote:
> This works on Windows NT with Perl V5.6 but is probably easily ported to any
> other system. It is highly dependant on the syntax of the -V output, so will
> probably not work should Ethereal developers tweak the output format.
The correct answer there is probably to add a new printout format to
Ethereal and Tethereal, which would look something like:
frame:
frame.time: May 19, 1999 17:48:39.708517000
frame.time_delta: 0.000000000
frame.time_relative: 0.000000000
frame.number: 1
frame.pkt_len: 60 bytes
frame.cap_len: 60 bytes
eth:
eth.dst: ff:ff:ff:ff:ff:ff
eth.src: 00:e0:52:80:76:00
eth.type: 0x0806
eth.trailer: 000000000000000000000000000000000000
arp:
arp.hw.type: 0x0001
arp.proto.type: 0x0800
arp.hw.size: 6
arp.proto.size: 4
arp.opcode: 0x0001
arp.src.hw_mac: 00:e0:52:80:76:00
arp.src.proto_ipv4: 666.666.666.666
arp.dst.hw_mac: 00:00:00:00:00:00
arp.dst.proto_ipv4: 666.666.666.255
i.e.:
for named fields that have values, give the field name, a colon,
and its value, printed out in a simple undecorated form (no
translation of addresses to names, no translation of enumerated
fields to names);
for named fields that don't have values (such as the top-level
protocol tree items), give the field name;
leaving out items in the tree that *aren't* named fields, so that nobody
gets to write scripts to parse that stuff, and thus nobody gets to write
scripts that depend on the way the stuff is displayed to the user, so we
can change that without breaking scripts that parse that format.