shay

text file manipulation

2 posts in this topic

#1 ·  Posted (edited)

I have Wireshark logs that I need to edit.

I need to rearrange every packet onto 1 line (the log contains many packets).

I didn't find any Wireshark export format that does that.

Is it possible and realistic to do that in AutoIt?

One packet looks like this:

No. Time Source Destination Protocol Info

150532 08:22:05.237398 192.168.2.111 192.168.2.35 Test Fec Data Packet

Frame 150532 (496 bytes on wire, 496 bytes captured)

Ethernet II, Src: 12:12:12:12 (00:1d:72:8a:12::12), Dst:12:12:12:12

Internet Protocol, Src: 192.168.2.111 (192.168.2.111), Dst: 192.168.2.35 (192.168.2.35)

User Datagram Protocol, Src Port: 30 (30), Dst Port: irdmi (1234)

Test (454)

Test Data Header (20)

ID: 2

Server ID: 1879394

CTS: 1896917487

STS: 2036940

MODEM ID: 1

MODEM Packet ID: 312

PORT: 1234

Fec Header (6)

CTS: 1896917487

LEN: 17564102

aggregation (2)

Packet size : 268

RTPpackets

RTPHeader (12)

first byte:128

PT+MB:224

Sequence number :8

Time stamp:25020

SSRC:985256011

thank you in advance :)



In the Wireshark application, go to File > Export > File and select this option...

Posted Image

...then try this code:

; Open the exported Wireshark text file for reading (mode 0)
$input_file = FileOpen("wireshark_log.txt", 0)
If $input_file = -1 Then
    MsgBox(0, "Error", "Unable to open input file.")
    Exit
EndIf

; Open the output file for writing, erasing any previous contents (mode 2)
$output_file = FileOpen("new_wireshark_log.txt", 2)
If $output_file = -1 Then
    MsgBox(0, "Error", "Unable to open output file.")
    Exit
EndIf

; Join every line of the export into one long line, using the chosen delimiter
$WholeFile = StringReplace(FileRead($input_file), @CRLF, ",") ; comma delimited
;~ $WholeFile = StringReplace(FileRead($input_file), @CRLF, Chr(9)) ; tab delimited

; Start a new line at each form feed
$WholeFile = StringReplace($WholeFile, Chr(12), @CRLF) ; replace formfeed with crlf
FileWrite($output_file, $WholeFile)

FileClose($input_file)
FileClose($output_file)

You can pick comma or tab delimited output.

If the input wireshark log file is too large to be handled by the script above, other forum members may have a better way to deal with that.

~hope this helps~
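
For an export too large to read with a single FileRead call, the same conversion can be done one line at a time. This is an added example, not part of the original posts: it assumes the export puts a form feed (Chr(12)) between packets, as the script above relies on, reuses that script's file names, and the helper names _Append and _Flush are made up here.

```autoit
; Added example: stream the export line by line so the whole capture never
; has to fit in memory. Assumes a form feed, Chr(12), between packets.
Global Const $sDelim = ","   ; use Chr(9) for tab-delimited output
Global Const $sFF = Chr(12)  ; form feed marking the start of a new packet

Local $hIn = FileOpen("wireshark_log.txt", 0)       ; 0 = read
If $hIn = -1 Then
    MsgBox(0, "Error", "Unable to open input file.")
    Exit
EndIf
Local $hOut = FileOpen("new_wireshark_log.txt", 2)  ; 2 = write, erase old contents
If $hOut = -1 Then
    FileClose($hIn)
    MsgBox(0, "Error", "Unable to open output file.")
    Exit
EndIf

Local $sRecord = "", $sLine, $iPos
While 1
    $sLine = FileReadLine($hIn)
    If @error Then ExitLoop   ; end of file or read error
    ; A form feed ends the current packet; it may share a line with other text.
    $iPos = StringInStr($sLine, $sFF)
    While $iPos > 0
        _Append($sRecord, StringLeft($sLine, $iPos - 1))
        _Flush($hOut, $sRecord)
        $sLine = StringMid($sLine, $iPos + 1)
        $iPos = StringInStr($sLine, $sFF)
    WEnd
    _Append($sRecord, $sLine)
WEnd
_Flush($hOut, $sRecord)   ; the last packet may have no trailing form feed
FileClose($hIn)
FileClose($hOut)

; Add one field to the packet being built; blank lines are skipped and
; leading/trailing whitespace is trimmed.
Func _Append(ByRef $sRec, $sField)
    $sField = StringStripWS($sField, 3)
    If $sField = "" Then Return
    If $sRec <> "" Then $sRec &= $sDelim
    $sRec &= $sField
EndFunc

; Write the finished packet as one line and reset the buffer.
Func _Flush($hFile, ByRef $sRec)
    If $sRec <> "" Then FileWriteLine($hFile, $sRec)
    $sRec = ""
EndFunc
```

Several lines of the sample packet already contain commas (for example the Frame and Ethernet II lines), so the tab delimiter keeps the fields unambiguous.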

