Get a copy of 'grep' and 'cut' and all your filtering/stripping problems will be solved.
Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Piers Kittel Sent: Wednesday, May 30, 2007 12:29 PM To: wireshark-users@wireshark.org Subject: [Wireshark-users] Comparing packets Hello all, I'm trying to export data as a CSV file but I need to modify the data it exports a bit so I can do clever graphy things with it. My main problem is the H.261 packets in a bunch of files I've got. When I apply a filter (h261.stream) it shows all the packets I'm interested in, but when I export it, it comes up as: 181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx H.261 H.261 message So I have no way to compare packets just using the data above. I've found that I can disable the analyser for H.261 packets (Analyze - Enabled Protocols - untick H.261) and it shows the data I need. For example, packet 181 it shows: 181 1324.014027 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx RTP Payload type = ITU-T H.261, SSRC 2008229573, Seq=54520, Time=1725612773, Mark That is exactly what I need as I need the Seq part to compare packets. Naturally, I have to cancel the filter, but I filter by right clicking on the packet above, clicking on "Conversation Filter" and clicking on UDP. Then when I export it as a CSV file, then one column shows: Payload type=ITU-T H.261, SSRC=2008229573, Seq=54520, Time=1725612773, Mark Is there a way (either from Wireshark or Excel/NeoOffice or anything else such as a shell script) to strip the data down just to the 54520 part? Thinking about it, something like a shell script to delete everything but the "54520" part from that column will be useful, but will have to work out how to make it not delete anything else. Any pointers to a helpful guide, or do you have any better idea? Thanks very much for your help in advance! Regards - Piers _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
