Wireshark-users: Re: [Wireshark-users] tshark and export as PDML

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 9 Sep 2008 18:29:26 +0200
On Tue, Sep 09, 2008 at 03:25:49PM +0200, Simon Bouland wrote:
> 
> I'm looking for using the functionality of export as PDML, but in 
> command line.
> 
> I have some records of capture that  i would like to analyze with 
> another soft. So, i m doing manually :
> 1- filtering
> 2- export with dial box in order to transfer data by xml files.
> 
> I would like to script this job for processing all my captures
> I read the man page of tshark and didn't find how to do.
> Is this possible and best do you know how ?

Yes, this is possible, try something like:

tshark -r <tracefile> -R "<display-filter>" -T pdml 

And then redirect your output either to file or directly to
this other software.


> In other hand, my company made an evolution of "idl2wrs" which translate 
> correctly enums and use structure presentation.How can we share this 
> with the community ?

That question might be best asked on the Wireshark Development list. 
If you have a patch ready already, you might want to file an 
"enhancement" request on http://bugs.wireshark.org/bugzilla/

Cheers,
    Sake