Yup, we do use tshark to pipe the pcap through it and then pull out
the specific fields that we need. If all you want is to pull out
specific field types, then tshark supports command line arguments to
print out packets that match specific query criteria.
For things like email attachments (and application data), we use
custom stream assembly code to extract the attachments and display
them. You can see this at work by clicking on any TCP packet and
selecting 'Reassemble' from the Actions drop down. I dunno if tshark
supports attachment extraction easily. It's a very packet oriented
interface. Recommend that you check on the wireshark user group to see
if someone has ideas.
K.