Wireshark · Wireshark-dev: Re: [Wireshark-dev] Possible New Option for Tshark?

Wireshark-dev: Re: [Wireshark-dev] Possible New Option for Tshark?

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Fri, 22 Oct 2010 22:43:50 -0600

On Thu, Oct 21, 2010 at 03:29:36PM -0500, Craig Votava wrote:

> I wrote a Perl script that feeds pcap data to an instance of tshark 
> running in a child process, then takes the decoded output to present 
> to the user.
> 
> The problem is that I don't know when tshark is done sending output 
> back to me.

How about using "pdml" or "psml" with the -T option.  From the tshark 
man page:

  pdml Packet Details Markup Language, an XML-based format for the 
  details of a decoded packet. This information is equivalent to the 
  packet details printed with the -V flag.

  psml Packet Summary Markup Language, an XML-based format for the 
  summary information of a decoded packet. This information is 
  equivalent to the information shown in the one-line summary printed by 
  default.

Follow-Ups:
- Re: [Wireshark-dev] Possible New Option for Tshark?
  - From: Guy Harris

References:
- [Wireshark-dev] Possible New Option for Tshark?
  - From: Craig Votava

Prev by Date: Re: [Wireshark-dev] When I use gdb to debug wireshark,error occurs
Next by Date: Re: [Wireshark-dev] Possible New Option for Tshark?
Previous by thread: [Wireshark-dev] Possible New Option for Tshark?
Next by thread: Re: [Wireshark-dev] Possible New Option for Tshark?
Index(es):
- Date
- Thread