Question

我真的需要你的帮助。我运行了tshark -T pdml＆gt;＆gt; output.xml，以获取XML文件以进行分析。这是输出。请注意，大部分输出都被省略了。

＆＃13;

<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="pdml2html.xsl"?>
<!-- You can find pdml2html.xsl in /usr/share/wireshark or at http://anonsvn.wireshark.org/trunk/wireshark/pdml2html.xsl. -->
<pdml version="0" creator="wireshark/1.8.5" time="Sun May 10 00:54:17 2015" capture_file="">
<packet>
  <proto name="geninfo" pos="0" showname="General information" size="95">
    <field name="num" pos="0" show="1" showname="Number" value="1" size="95"/>
    <field name="len" pos="0" show="95" showname="Frame Length" value="5f" size="95"/>
    <field name="caplen" pos="0" show="95" showname="Captured Length" value="5f" size="95"/>
    <field name="timestamp" pos="0" show="May 10, 2015 00:54:22.331549000 EEST" showname="Captured Time" value="1431208462.331549000" size="95"/>
  </proto>
  <proto name="frame" showname="Frame 1: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) on interface 0" size="95" pos="0">
    <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/>
    <field name="frame.dlt" showname="WTAP_ENCAP: 1" size="0" pos="0" show="1"/>
    <field name="frame.time" showname="Arrival Time: May 10, 2015 00:54:22.331549000 EEST" size="0" pos="0" show="May 10, 2015 00:54:22.331549000"/>
    <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_epoch" showname="Epoch Time: 1431208462.331549000 seconds" size="0" pos="0" show="1431208462.331549000"/>
    <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_relative" showname="Time since reference or first frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.number" showname="Frame Number: 1" size="0" pos="0" show="1"/>
    <field name="frame.len" showname="Frame Length: 95 bytes (760 bits)" size="0" pos="0" show="95"/>
    <field name="frame.cap_len" showname="Capture Length: 95 bytes (760 bits)" size="0" pos="0" show="95"/>
    <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
    <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/>
    <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:ssl" size="0" pos="0" show="eth:ip:tcp:ssl"/>
  </proto>
 
</packet>
<packet>
  <proto name="geninfo" pos="0" showname="General information" size="95">
    <field name="num" pos="0" show="2" showname="Number" value="2" size="95"/>
    <field name="len" pos="0" show="95" showname="Frame Length" value="5f" size="95"/>
    <field name="caplen" pos="0" show="95" showname="Captured Length" value="5f" size="95"/>
    <field name="timestamp" pos="0" show="May 10, 2015 00:54:22.331711000 EEST" showname="Captured Time" value="1431208462.331711000" size="95"/>
  </proto>
  <proto name="frame" showname="Frame 2: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) on interface 0" size="95" pos="0">
    <field name="frame.interface_id" showname="Interface id: 0" size="0" pos="0" show="0"/>
    <field name="frame.dlt" showname="WTAP_ENCAP: 1" size="0" pos="0" show="1"/>
    <field name="frame.time" showname="Arrival Time: May 10, 2015 00:54:22.331711000 EEST" size="0" pos="0" show="May 10, 2015 00:54:22.331711000"/>
    <field name="frame.offset_shift" showname="Time shift for this packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_epoch" showname="Epoch Time: 1431208462.331711000 seconds" size="0" pos="0" show="1431208462.331711000"/>
    <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000162000 seconds" size="0" pos="0" show="0.000162000"/>
    <field name="frame.time_delta_displayed" showname="Time delta from previous displayed frame: 0.000162000 seconds" size="0" pos="0" show="0.000162000"/>
    <field name="frame.time_relative" showname="Time since reference or first frame: 0.000162000 seconds" size="0" pos="0" show="0.000162000"/>
    <field name="frame.number" showname="Frame Number: 2" size="0" pos="0" show="2"/>
    <field name="frame.len" showname="Frame Length: 95 bytes (760 bits)" size="0" pos="0" show="95"/>
    <field name="frame.cap_len" showname="Capture Length: 95 bytes (760 bits)" size="0" pos="0" show="95"/>
    <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
    <field name="frame.ignored" showname="Frame is ignored: False" size="0" pos="0" show="0"/>
    <field name="frame.protocols" showname="Protocols in frame: eth:ip:tcp:ssl" size="0" pos="0" show="eth:ip:tcp:ssl"/>
  </proto>
  
</packet>
</pdml>

＆＃13;

现在我真的想用SAX来分析这个问题，我现在做了所有必需的问题。当我运行程序时它只显示它。

＆＃13;

Starting
<pdml>
<packet>
  <proto>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
  </proto>
  <proto>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
    <field></field>
  </proto>
 
</packet>

＆＃13;

＆＃13; 任何帮助都是极好的！我需要读取frame.number和frame.len。

Java读取TShark XML文件

0 个答案: