Wireshark-users: [Wireshark-users] Combining Info and -T fields in tshark
From: "James Talbut" <James.Talbut@xxxxxxxxx>
Date: Sat, 20 Sep 2008 12:11:19 +0100
Hi,
I'd want to be able to produce an easily parsable output from tshark that includes the Information column.
I've seen this come up in mailing lists many times, but I don't know if anyone is working on a proper fix for it.
At the moment the -T text output is difficult to parse - being neither fixed width nor delimited, inserting extra "=>" between fields and padding some fields a bit, but still leaving them variable length.
So I'd much rather work with the -T fields output, but that doesn't include the Information field.
My parsing (in Python) currently works, but only has one "difficult" column (info); I need to get at things like the http.authbasic field too.
Having had a brief look at the code there seem to be a number of options:
1. Introduce configurable delimiters to the -T text output.
   One easy option for this might be to introduce a new column a bit like the %cus column but that allowed the direct placement of text "%text:\t"
   The output would still have extraneous spaces in it, but they can easily be stripped after the splitting.
2. Make all the columns available as fields that -T can use: -e column.info
3. Quick fix: allow the combination of both -T fields and -T text.
The last one seems to be trivial to do, but the second one is, IMO, much more desirable.
Q1. Is anyone working on this? Are there any patches available? Is there even a bug for it (I couldn't find one)?
Q2. I could make a patch that does the third option (it would always do the fields first, and then follow with the columns) - is there any interest in such a patch?
I'm afraid I don't have the time to take on either of the other options, though I'd love to see them in there.
Thanks.
Jim