From 3a5ac67b8b9a1a33235fd254dee11c4415b1a897 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sun, 11 Jan 2015 00:03:36 +0100 Subject: [PATCH] Clarification of tshark usage --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8399e9b..2e3ce80 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,13 @@ cd capture ls -1 . | parallel --gnu "cat {1} | tshark -E header=yes -E separator=, -Tfields -e http.server -r {1} | python ./bin/import.py -f {1} " ``` -## Redis datastructure +You can add additional attributes like any fields from the dissectors available within tshark (tshark -G fields). You can add additional fields in the command above. This will update the redis data structure. Then when you have enough attributes, you can dump a graph out of the relationships between the attributes and the malware packet captures. + +```shell +python ./bin/graph.py +``` + +## Redis data structure ![An overview of the Redis data structure used in MalwareClassifier](https://raw.github.com/adulau/MalwareClassifier/master/doc/redis-datastruct.png) ## Notes for the student
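Review bot: The two opening sentences of the added paragraph say the same thing ("You can add additional attributes like any fields from the dissectors available within tshark (tshark -G fields). You can add additional fields in the command above."); merge them into one and put `tshark -G fields` in backticks like the other commands in this README. Since the text tells the reader to extend the command but does not show how, it would help to state explicitly that each extra attribute is another `-e <field>` appended to the existing `-e http.server` in the `parallel` line above, and to note that `-E header=yes` emits a header row naming those fields that `import.py` must consume. Minor, in the unchanged context line: `cat {1} | tshark ... -r {1}` reads the capture twice; with `-r {1}` present the `cat` pipe is ignored and can be dropped.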