I think TShark can already do what you want (parsing a capture file into
ASCII); I think this feature went into 0.99.6.
 
Check out the -Tfields, -E and -e switches
 
tshark -r <file> -T fields -E separator=, -E quote=d -e frame.time -e frame.time_delta -e frame.time_delta_displayed -e frame.time_relative -e frame.number ...

This will print out a CSV file with the given field values, one line per
packet.

Cheers

Doug

________________________________

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Yoav Newman
        Sent: 17 December 2007 16:30
        To: Community support list for Wireshark
        Subject: Re: [Wireshark-users] Binary vs. Ascii data display
        
        
        Dear Bae,
         
        Thanks for the answer. The thing I'm looking for is to manually identify each binary field vs. its ASCII value
        (e.g. the binary format fields which represent the "Arrival time" value, etc.).
        The idea is to make an automatic tool which can parse a Wireshark binary capture file into its ASCII values.
         
        Thanks again
         
        Yoav Newman   
        
         
        On 12/17/07, Hansang Bae <[EMAIL PROTECTED]> wrote: 

                Yoav Newman wrote:
                > Dear Wireshark users:
                >
                > I need your help in order to be able to parse the "Wireshark" binary
                > data into the below ASCII fields (see enclosed file):
                > (in other words, to identify each binary field versus its ASCII value)
                >
                > Fields are:
                > - Arrival time
                > - Time delta from previous capture 
                > - Time delta from previous displayed
                > - time since reference
                > - frame number
                > - frame length
                > - capture length
                >
                
                So you just want to get the above values into an ascii file? If so,
                add the appropriate columns, (edit, preference, User interface, Columns)
                
                then just print it out (file, print, check Out to File; check just the
                Packet Summary Line)
                
                --
                
                Thanks,
                Hansang
                _______________________________________________
                Wireshark-users mailing list
                Wireshark-users@wireshark.org
                http://www.wireshark.org/mailman/listinfo/wireshark-users
                





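For the original question in this thread (which bytes of the capture file hold each displayed value), here is an added example; it is not code from the thread or from Wireshark. It decodes the classic libpcap layout (a 24-byte global header, then a 16-byte record header before each packet), assuming the capture was saved in that format with microsecond timestamps. The function names and sample bytes are constructed for illustration; the dictionary keys reuse Wireshark field names.

```python
import struct
from datetime import datetime, timezone

def parse_pcap(data):
    """Decode classic libpcap bytes into the per-frame values asked about in the thread."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":        # 0xa1b2c3d4 stored little-endian
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":      # same magic stored big-endian
        end = ">"
    else:
        raise ValueError("not a microsecond-resolution libpcap file")
    rows, off, first, prev = [], 24, None, None   # 24-byte global header
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(end + "IIII", data, off)
        if off + 16 + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        t = ts_sec * 1_000_000 + ts_usec    # integer microseconds
        first = t if first is None else first
        stamp = datetime.fromtimestamp(ts_sec, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        rows.append({
            "frame.number": len(rows) + 1,
            "frame.time": "%s.%06d" % (stamp, ts_usec),      # arrival time, UTC
            "frame.time_delta": (t - (t if prev is None else prev)) / 1e6,
            "frame.time_relative": (t - first) / 1e6,
            "frame.len": orig_len,
            "frame.cap_len": incl_len,
        })
        prev, off = t, off + 16 + incl_len
    return rows

def sample_pcap():
    """Constructed two-packet capture; the second packet is cut to a 64-byte snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    out += struct.pack("<IIII", 1197909000, 250000, 4, 4) + b"\x00" * 4
    out += struct.pack("<IIII", 1197909001, 750, 64, 128) + b"\x00" * 64
    return out

if __name__ == "__main__":
    for row in parse_pcap(sample_pcap()):
        print(",".join(str(v) for v in row.values()))
```

Frame number and the time deltas are not stored in the file; they are derived from record order and the stored timestamps, which is why only four values appear in each record header.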