text file manipulation

[shay]

I have WireShark logs that i need to edit

i need to rearrange every packet to 1 line (log contain many packets)

i didn't find any Wireshark export format that do that.

is it possible and realistic to do that in Autoit?

one packet look like that

No. Time Source Destination Protocol Info

150532 08:22:05.237398 192.168.2.111 192.168.2.35 Test Fec Data Packet

Frame 150532 (496 bytes on wire, 496 bytes captured)

Ethernet II, Src: 12:12:12:12 (00:1d:72:8a:12::12), Dst:12:12:12:12

Internet Protocol, Src: 192.168.2.111 (192.168.2.111), Dst: 192.168.2.35 (192.168.2.35)

User Datagram Protocol, Src Port: 30 (30), Dst Port: irdmi (1234)

Test (454)

Test Data Header (20)

ID: 2

Server ID: 1879394

CTS: 1896917487

STS: 2036940

MODEM ID: 1

MODEM Packet ID: 312

PORT: 1234

Fec Header (6)

CTS: 1896917487

LEN: 17564102

aggregation (2)

Packet size : 268

RTPpackets

RTPHeader (12)

first byte:128

PT+MB:224

Sequence number :8

Time stamp:25020

SSRC:985256011

thank you in advance

Edited May 24, 2009 by shay

[herewasplato]

In the WireShark application, go to File > Export > File and select this option...

...then try this code:

$input_file = FileOpen("wireshark_log.txt", 0)
If $input_file = -1 Then
    MsgBox(0, "Error", "Unable to open input file.")
    Exit
EndIf

$output_file = FileOpen("new_wireshark_log.txt", 2)
If $output_file = -1 Then
    MsgBox(0, "Error", "Unable to open output file.")
    Exit
EndIf

$WholeFile = StringReplace(FileRead($input_file), @CRLF, ","); comma delimited
;~ $WholeFile = StringReplace(FileRead($input_file), @CRLF, Chr(9)); tab delimited

$WholeFile = StringReplace($WholeFile, Chr(12), @CRLF); replace formfeed with crlf
FileWrite($output_file, $WholeFile)

FileClose($input_file)
FileClose($output_file)

You can pick comma or tab delimited output.

If the input wireshark log file is too large to be handled by the script above, other forum members may have a better way to deal with that.

~hope this helps~