Diffstat (limited to 'doc/README.xml-output')
-rw-r--r-- doc/README.xml-output 32
1 files changed, 22 insertions, 10 deletions
diff --git a/doc/README.xml-output b/doc/README.xml-output
index a2818c0cfb..31fd6e2006 100644
--- a/doc/README.xml-output
+++ b/doc/README.xml-output
@@ -2,25 +2,32 @@ Protocol Dissection in XML Format
=================================
Copyright (c) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
-
Wireshark has the ability to export its protocol dissection in an
-XML format, tshark has similar functionality by using the "-Tpdml"
-option.
+XML format, tshark has similar functionality by using the "-Tpdml"
+option.
The XML that wireshark produces follows the Packet Details Markup
Language (PDML) specified by the group at the Politecnico Di Torino
-working on Analyzer. The specification can be found at:
+working on Analyzer. The specification was found at:
http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm
-That URL is not functioning any more, but a copy can be found at:
+That URL is not working any more, but a copy can be found at:
http://gd.tuwien.ac.at/.vhost/analyzer.polito.it/docs/dissectors/PDMLSpec.htm
+or at the internet archive:
+
+https://web.archive.org/web/20050305174853/http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm
+
+This is similar to the NetPDL language specification:
+
+http://www.nbee.org/doku.php?id=netpdl:index
+
A related XML format, the Packet Summary Markup Language (PSML), is
also defined by the Analyzer group to provide packet summary information.
The PSML format is not documented in a publicly-available HTML document,
-but its format is simple. Wireshark can export this format too. Some day it
+but its format is simple. Wireshark can export this format too. Some day it
may be added to tshark so that "-Tpsml" would produce PSML.
One wonders if the "-T" option should read "-Txml" instead of "-Tpdml"
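Review bot: the added sentence "This is similar to the NetPDL language specification:" has no clear antecedent, because it follows a run of URLs rather than a mention of PDML; something like "PDML is similar to NetPDL, whose specification is at:" reads unambiguously. In the same added block, "internet archive" should be capitalized as "Internet Archive". The NetPDL link is added as plain http while the archive link next to it is https, so use https there as well if the host serves it. The two -/+ pairs around "-Tpdml" / "option." and "but its format is simple." differ only in whitespace, which is worth stating in the commit message.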
@@ -32,7 +39,7 @@ PDML
====
The PDML that wireshark produces is known not to be loadable into Analyzer.
It causes Analyzer to crash. As such, the PDML that wireshark produces
-is be labeled with a version number of "0", which means that the PDML does
+is labeled with a version number of "0", which means that the PDML does
not fully follow the PDML spec. Furthermore, a creator attribute in the
"<pdml>" tag gives the version number of wireshark/tshark that produced the PDML.
In that way, as the PDML produced by wireshark matures, but still does not
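Review bot: the corrected + line sits in a paragraph that spells the product "wireshark" in lower case ("The PDML that wireshark produces", "wireshark/tshark"), while the opening paragraph in the first hunk uses "Wireshark". Since this sentence is being touched for grammar anyway, normalizing the capitalization in the same paragraph would keep the file consistent.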
@@ -136,8 +143,6 @@ In PDML, the "Data" protocol would become another field under HTTP:
</proto>
</packet>
-
-
tools/WiresharkXML.py
====================
This is a python module which provides some infrastructure for
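Review bot: the "tools/WiresharkXML.py" heading left as context here has an underline one character shorter than its title (20 "=" for 21 characters), whereas the headings added later in this patch ("tools/msnchat", "pdml2html.xsl") have underlines of matching length. As this hunk already tidies the spacing around that heading, extend the underline by one "=" in the same change.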
@@ -203,10 +208,17 @@ the PDML output of tshark, pass a read filter with "-R" to tshark to
try to reduce as much as possible the number of packets coming out of tshark.
The less your script has to process, the faster it will be.
-'tools/msnchat' is a sample Python program that uses WiresharkXML to parse
+tools/msnchat
+=============
+tools/msnchat is a sample Python program that uses WiresharkXML to parse
PDML. Given one or more capture files, it runs tshark on each of them,
providing a read filter to reduce tshark's output. It finds MSN Chat
conversations in the capture file and produces nice HTML showing the
conversations. It has only been tested with capture files containing
non-simultaneous chat sessions, but was written to more-or-less handle any
number of simultaneous chat sessions.
+
+pdml2html.xsl
+=============
+pdml2html.xsl is a XSLT file to convert PDML files into HTML.
+See https://wiki.wireshark.org/PDML for more details.
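Review bot: the new "pdml2html.xsl" section gives no directory for the file, unlike the "tools/WiresharkXML.py" and "tools/msnchat" headings, so a reader cannot tell where in the tree to find it; state the path in the heading or the first sentence. Also in the added text, "is a XSLT file" should be "is an XSLT file", and a one-line usage hint (which XSLT processor and invocation were tested) would make the section as useful as the msnchat description above it.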