I want to be able to capture SIP traffic and save the trace as XML file with an specific format , there is any way to do this with just wireshark - tshark commands ? FYI this will run in a Centos server . The only way i found to create the specific format is by running a Perl script to format the XML file but is would be way better if I could do all with just wireshark?
Thanks
Tshark has options to convert a PCAP file to Text. Or you could capture it in a PDML or PSML format and then have a converter routine to your own XML format. And considering that wireshark if modifiable, you could tweak a plugin to do this differently. But i more inclined to build a converter process that parses the native pcap to what you like. So your raw data has all the information and you can freely keep changing the converter routine.
For Text Conversion -
tshark -V -r -T pdml "17c4d2c0-69cd-11e4-ae3e-9d5dee8b7eac.pcap" > capture.xml
For Capture as PDML / PSML -
tshark -T pdml
I am inclined to think that there could be options to directly covert to PSML like the Text converter from the PCAP.