Hi, I use tshark to get a TCP stream in ASCII format by using tshark -r read.pcap -z follow,tcp,stream,1 -q. I want to output the HTTP request and response in PDML format (or in XML format), like <conn srcip="0.0.0.0" dstip="0.0.0.0"/><msg proto="http"><field method=""> and so on.
Can anyone help me with how to access the code of tshark to output the protocol tree while following the TCP stream?
asked 05 Dec '12, 06:42
By using the option
So, if you need PDML output of stream 1, I suggest using this:
This will output every packet of that stream #1 in PDML format, including the payload data (field name="tcp.data"). So, you will get the PDML output, and if you need the same output that
Does that help?
answered 05 Dec '12, 11:59
Kurt Knochner ♦
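An added example, not part of the original question or answer: a post-processing script that reads PDML text and emits per-packet XML close to the shape asked for in the question, without touching the tshark source. The function names, the <capture> wrapper, the nesting of <msg> inside <conn> and the name/value attributes are assumptions, and the sample PDML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed PDML, trimmed to the fields used here; real tshark output has far more.
SAMPLE_PDML = """<pdml>
<packet><proto name="ip"><field name="ip.src" show="192.0.2.10"/>
  <field name="ip.dst" show="192.0.2.80"/></proto>
 <proto name="tcp"><field name="tcp.stream" show="1"/></proto>
 <proto name="http"><field name="" show="GET /index.html HTTP/1.1">
  <field name="http.request.method" show="GET"/>
  <field name="http.request.uri" show="/index.html"/></field></proto></packet>
<packet><proto name="ip"><field name="ip.src" show="192.0.2.80"/>
  <field name="ip.dst" show="192.0.2.10"/></proto>
 <proto name="tcp"><field name="tcp.stream" show="1"/></proto>
 <proto name="http"><field name="http.response.code" show="200"/></proto></packet>
<packet><proto name="ip"><field name="ip.src" show="192.0.2.10"/>
  <field name="ip.dst" show="192.0.2.99"/></proto>
 <proto name="tcp"><field name="tcp.stream" show="2"/></proto></packet>
</pdml>"""


def field(packet, name):
    """Return the 'show' value of the first field called name, at any depth."""
    for f in packet.iter("field"):
        if f.get("name") == name:
            return f.get("show")
    return None


def pdml_to_conn(pdml_text, stream):
    """Build <conn>/<msg> elements for the HTTP packets of one TCP stream."""
    out = ET.Element("capture")  # hypothetical wrapper element
    for pkt in ET.fromstring(pdml_text).iter("packet"):
        if field(pkt, "tcp.stream") != str(stream):
            continue
        http = next((p for p in pkt.iter("proto") if p.get("name") == "http"), None)
        if http is None:
            continue  # handshake or bare ACK: no HTTP protocol tree to export
        conn = ET.SubElement(out, "conn", {"srcip": field(pkt, "ip.src") or "",
                                           "dstip": field(pkt, "ip.dst") or ""})
        msg = ET.SubElement(conn, "msg", {"proto": "http"})
        for f in http.iter("field"):  # iter() also reaches nested fields
            name = f.get("name", "")
            if name.startswith("http."):
                ET.SubElement(msg, "field", {"name": name, "value": f.get("show", "")})
    return out


if __name__ == "__main__":
    print(ET.tostring(pdml_to_conn(SAMPLE_PDML, 1), encoding="unicode"))
```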