How to configure the output of Tshark .psml file

Question

I am creating a simple packet analyzer in Python in which analyzes Tshark .xml output files.

Tshark (command line equivalent of Wireshark) has a feature which allows to output all the packets to the .psml file (Packet Summary Markup Language). In Wireshark I can configure the contents of the exported .psml file by adding/removing tabs in the GUI. However, I can't find any option to do this by using a command line in Tshark.

Sample output from Wireshark:

<?xml version="1.0"?>
<psml version="0" creator="wireshark/2.0.0">
<structure>
<section>No.</section>
<section>Time</section>
<section>Source</section>
<section>Destination</section>
<section>Protocol</section>
<section>Length</section>
<section>Info</section>
<section>dBm</section>
</structure>
<packet>
<section>1</section>
<section>0.000000</section>
<section>xx:xx:xx:xx:xx:xx</section>
<section>Broadcast</section>
<section>802.11</section>
<section>223</section>
<section>Beacon frame, SN=1524, FN=0, Flags=……..C, BI=100, SSID=xxx</section>
<section>4294967260 dBm</section>
</packet>

In Tshark I am getting the output without the section dBm (IEEE 802.11 RSSI). How to configure Tshark to get this data in .psml file?

Answer 1

tshark is using the same fields/columns that Wireshark is using in the default (current) profile. So if you want to change the output of tshark PSML, you can do one of the following things.

modify the columns in Wireshark and save the profile
edit the preferences file directly (%APPDATA%/Wireshark/preferences - entry: gui.column.format:)
use tsharks column format (see tshark -G column-formats)

An alternative would be to use PDML (-T pdml), which is much more 'chatty', meaning it prints more (is not all) fields or tshark -V.

Regards
Kurt