Get a copy of 'grep' and 'cut' and all your filtering/stripping problems
will be solved.
Frank
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Piers Kittel
Sent: Wednesday, May 30, 2007 12:29 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Comparing packets
Hello all,
I'm trying to export data as a CSV file but I need to modify the data
it exports a bit so I can do clever graphy things with it. My main
problem is the H.261 packets in a bunch of files I've got. When I
apply a filter (h261.stream) it shows all the packets I'm interested
in, but when I export it, it comes up as:
181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx H.261 H.261 message
So I have no way to compare packets just using the data above. I've
found that I can disable the analyser for H.261 packets (Analyze -
Enabled Protocols - untick H.261) and it shows the data I need. For
example, packet 181 it shows:
181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx RTP Payload type =
ITU-T H.261, SSRC 2008229573, Seq=54520, Time=1725612773, Mark
That is exactly what I need as I need the Seq part to compare
packets. Naturally, I have to cancel the filter, but I filter by
right clicking on the packet above, clicking on "Conversation Filter"
and clicking on UDP. Then when I export it as a CSV file, then one
column shows:
Payload type=ITU-T H.261, SSRC=2008229573, Seq=54520,
Time=1725612773, Mark
Is there a way (either from Wireshark or Excel/NeoOffice or anything
else such as a shell script) to strip the data down just to the 54520
part? Thinking about it, something like a shell script to delete
everything but the "54520" part from that column will be useful, but
will have to work out how to make it not delete anything else. Any
pointers to a helpful guide, or do you have any better idea?
Thanks very much for your help in advance!
Regards - Piers
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users