On Fri, May 02, 2008 at 01:19:00PM -0700, Barry Constantine wrote:
>
> Right now, I do basic packet filtering at the command line tshark and
> output to plain text file. Then I wrote a simple perl script to further
> filter out the fields of interest.

Have you taken a look at the "-T fields" output format of tshark?

From "tshark -h":

  -T pdml|ps|psml|text|fields
                           format of text output (def: text)
  -e <field>               field to print if -Tfields selected (e.g. tcp.port);
                           this option can be repeated to print multiple fields
  -E<fieldsoption>=<value> set options for output when -Tfields selected:
     header=y|n            switch headers on and off
     separator=/t|/s|<char> select tab, space, printable character as separator
     quote=d|s|n           select double, single, no quotes for values

Cheers,
Sake
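
An added example, not part of the original message: with "-T fields" plus the header, separator and quote options listed above, tshark output is plain delimited text that a standard CSV reader can consume directly. The file name capture.pcap, the chosen fields and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Command that would produce output of this shape (capture.pcap is a placeholder):
#   tshark -r capture.pcap -T fields -E header=y -E separator=, -E quote=d \
#          -e frame.number -e ip.src -e tcp.dstport
# Constructed sample, not from a real capture. Frame 4 stands for a packet
# with no TCP layer, so its tcp.dstport column is empty.
SAMPLE = '''frame.number,ip.src,tcp.dstport
"1","192.0.2.10","443"
"2","192.0.2.10","443"
"3","198.51.100.7","22"
"4","192.0.2.10",
'''


def parse_fields(text, separator=","):
    """Parse tshark -T fields output (header=y, quote=d) into a list of dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter=separator, quotechar='"')
    return [dict(row) for row in reader]


def count_flows(rows):
    """Count packets per (source address, TCP destination port).

    Rows whose tcp.dstport is empty (non-TCP packets) are skipped.
    """
    flows = Counter()
    for row in rows:
        port = row.get("tcp.dstport") or ""
        if not port:
            continue
        flows[(row["ip.src"], int(port))] += 1
    return flows


if __name__ == "__main__":
    for (src, port), n in count_flows(parse_fields(SAMPLE)).most_common():
        print(f"{src} -> port {port}: {n} packet(s)")
```

Double quoting (quote=d) matters when a field value can itself contain the separator; without it, a comma inside a value would split the column.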