Wireshark-users: Re: [Wireshark-users] Comparing packets

Date Prev · Date Next · Thread Prev · Thread Next
From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Thu, 31 May 2007 10:41:50 -0500
Get a copy of 'grep' and 'cut' and all your filtering/stripping problems
will be solved.

Frank

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Piers Kittel
Sent: Wednesday, May 30, 2007 12:29 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Comparing packets

Hello all,

I'm trying to export data as a CSV file but I need to modify the data  
it exports a bit so I can do clever graphy things with it.  My main  
problem is the H.261 packets in a bunch of files I've got.  When I  
apply a filter (h261.stream) it shows all the packets I'm interested  
in, but when I export it, it comes up as:

181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx H.261 H.261 message

So I have no way to compare packets just using the data above.  I've  
found that I can disable the analyser for H.261 packets (Analyze -  
Enabled Protocols - untick H.261) and it shows the data I need.  For  
example, packet 181 it shows:

181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx RTP Payload type =  
ITU-T H.261, SSRC 2008229573, Seq=54520, Time=1725612773, Mark

That is exactly what I need as I need the Seq part to compare  
packets.  Naturally, I have to cancel the filter, but I filter by  
right clicking on the packet above, clicking on "Conversation Filter"  
and clicking on UDP.  Then when I export it as a CSV file, then one  
column shows:

Payload type=ITU-T H.261, SSRC=2008229573, Seq=54520,  
Time=1725612773, Mark

Is there a way (either from Wireshark or Excel/NeoOffice or anything  
else such as a shell script) to strip the data down just to the 54520  
part?  Thinking about it, something like a shell script to delete  
everything but the "54520" part from that column will be useful, but  
will have to work out how to make it not delete anything else.  Any  
pointers to a helpful guide, or do you have any better idea?

Thanks very much for your help in advance!

Regards - Piers
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users