Hi everyone. I am trying to automate a repetitive manual process for which I use Wireshark:
1) Load a given pcap file
2) Apply a simple filter for a given protocol
3) Use the export dialog box to export the displayed packets to CSV file
4) Use the export dialog box to export the displayed packets in XML PDML form.
This is tedious, and requires human involvement in the middle of a process that is mostly automated (including the analysis of the files to produce reports).
Is there some way to either automate Wireshark, or somehow access the underlying libraries used for export?
UPDATE: As several people here indicated, TShark turns out to be the way to go. The exact command line I ended up using is:
tshark -r MyDataFile.pcap -T pdml -R MyProtocol > MyOutputFile.xml
I then use an event-based XML parser (Python's expat) to parse the generated 2GB file.
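
A sketch of the last step described above, added here as an example and not the poster's own code: streaming a PDML export through expat in fixed-size chunks and writing selected fields to CSV without holding the whole file in memory. The embedded PDML sample is constructed and abbreviated, the function names and the chosen columns are assumptions, and the DOCTYPE rejection is an added precaution for capture-derived input.

```python
import csv
import io
import xml.parsers.expat
# Constructed, abbreviated PDML; real tshark output carries more attributes per field.
SAMPLE_PDML = b"""<?xml version="1.0" encoding="utf-8"?>
<pdml version="0" creator="constructed-sample">
<packet><proto name="frame"><field name="frame.number" show="1"/></proto>
<proto name="ip"><field name="ip.src" show="10.0.0.1"/></proto>
<proto name="dns"><field name="dns.qry.name" show="example.test"/></proto></packet>
<packet><proto name="frame"><field name="frame.number" show="2"/></proto>
<proto name="ip"><field name="ip.src" show="10.0.0.2"/></proto></packet>
</pdml>"""

def pdml_rows(stream, wanted, chunk_size=1 << 16):
    """Yield one dict per <packet>, keeping only the field names in `wanted`."""
    done, row = [], {}
    def start(name, attrs):
        if name == "packet":
            row.clear()
        elif name == "field" and attrs.get("name") in wanted:
            row.setdefault(attrs["name"], attrs.get("show", ""))  # first value wins
    def end(name):
        if name == "packet":
            done.append(dict(row))
    def no_doctype(*_):  # added precaution: PDML needs no DTD, so refuse one
        raise ValueError("unexpected DOCTYPE in PDML input")
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = no_doctype
    while True:
        chunk = stream.read(chunk_size)  # fixed-size reads keep memory flat
        parser.Parse(chunk, not chunk)   # an empty read marks end of document
        yield from done
        done.clear()
        if not chunk:
            return

def pdml_to_csv(stream, out, columns):  # returns the number of packets written
    writer = csv.DictWriter(out, fieldnames=columns, restval="")
    writer.writeheader()
    count = 0
    for count, row in enumerate(pdml_rows(stream, set(columns)), 1):
        writer.writerow(row)
    return count

if __name__ == "__main__":
    out = io.StringIO()
    print(pdml_to_csv(io.BytesIO(SAMPLE_PDML), out, ["frame.number", "ip.src", "dns.qry.name"]), out.getvalue())
```

For a real export, pass a file opened in binary mode as `stream`; packets that lack a selected field get an empty CSV cell.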