Question

In python I need to extract the below data from a file called wireshark.txt I made the element i'm trying to extract Bold in the 1st frame section.

Frame 1, Src:00:14:ee:08:dd:b1, Des:01:00:5e:7f:ff:fa, Type:0x0800
Frame 2, Src:00:14:ee:08:dd:b1, Des:01:00:5e:7f:ff:fa, Type:0x0800
Frame 3, Src:cc:2f:71:3e:ca:a1, Des:14:91:82:36:7a:8d, Type:0x0800
Frame 4, Src:cc:2f:71:3e:ca:a1, Des:14:91:82:36:7a:8d, Type:0x0800

The wireshark.txt file contents:

Frame 1: 372 bytes on wire (2976 bits), 372 bytes captured (2976 bits) on interface 0
Ethernet II, Src: WesternD_08:dd:b1 (00:14:ee:08:dd:b1), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
    Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
        Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: WesternD_08:dd:b1 (00:14:ee:08:dd:b1)
        Address: WesternD_08:dd:b1 (00:14:ee:08:dd:b1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.180, Dst: 239.255.255.250
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 358
    Identification: 0xfe2a (65066)
    Flags: 0x4000, Don't fragment
    Time to live: 4
    Protocol: UDP (17)
    Header checksum: 0xc505 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.180
    Destination: 239.255.255.250
User Datagram Protocol, Src Port: 35064, Dst Port: 1900
Simple Service Discovery Protocol

No.     Time           Source                Destination           Protocol Length Info
      2 0.307821       192.168.1.180         239.255.255.250       SSDP     422    NOTIFY * HTTP/1.1

Frame 2: 422 bytes on wire (3376 bits), 422 bytes captured (3376 bits) on interface 0
Ethernet II, Src: WesternD_08:dd:b1 (00:14:ee:08:dd:b1), Dst: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
    Destination: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
        Address: IPv4mcast_7f:ff:fa (01:00:5e:7f:ff:fa)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: WesternD_08:dd:b1 (00:14:ee:08:dd:b1)
        Address: WesternD_08:dd:b1 (00:14:ee:08:dd:b1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.180, Dst: 239.255.255.250
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 408
    Identification: 0xfe2d (65069)
    Flags: 0x4000, Don't fragment
    Time to live: 4
    Protocol: UDP (17)
    Header checksum: 0xc4d0 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.180
    Destination: 239.255.255.250
User Datagram Protocol, Src Port: 48540, Dst Port: 1900
Simple Service Discovery Protocol

No.     Time           Source                Destination           Protocol Length Info
      3 0.325254       192.168.1.51          146.20.112.65         TCP      55     51333 → 443 [ACK] Seq=1 Ack=1 Win=258 Len=1 [TCP segment of a reassembled PDU]

Frame 3: 55 bytes on wire (440 bits), 55 bytes captured (440 bits) on interface 0
Ethernet II, Src: IntelCor_3e:ca:a1 (cc:2f:71:3e:ca:a1), Dst: BelkinIn_36:7a:8d (14:91:82:36:7a:8d)
    Destination: BelkinIn_36:7a:8d (14:91:82:36:7a:8d)
        Address: BelkinIn_36:7a:8d (14:91:82:36:7a:8d)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: IntelCor_3e:ca:a1 (cc:2f:71:3e:ca:a1)
        Address: IntelCor_3e:ca:a1 (cc:2f:71:3e:ca:a1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.51, Dst: 146.20.112.65
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 41
    Identification: 0x69ac (27052)
    Flags: 0x4000, Don't fragment
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0xccf1 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.51
    Destination: 146.20.112.65
Transmission Control Protocol, Src Port: 51333, Dst Port: 443, Seq: 1, Ack: 1, Len: 1

No.     Time           Source                Destination           Protocol Length Info
      4 0.340841       192.168.1.51          146.20.112.65         TCP      55     51349 → 443 [ACK] Seq=1 Ack=1 Win=255 Len=1 [TCP segment of a reassembled PDU]

Answer 1

# python 3 script using the wireshark.txt file as provided in the question

import os
from itertools import islice
cwd = "/home/dexter/Desktop"    # working directory
path = cwd + "/wireshark.txt"         # name of the text file
f1 = open(path, "r")            # open text file in read mode
numLines = sum(1 for line in f1)    # counting the number of lines in the text file
f1.close()                      # closing the text file
begin = 0   # read the text file from first row
end = numLines  #read the text file till the last row

finalString=''  # final output string
tempStr=''      #temporary string
temp=''         ##temporary string
count=1         # count variable for Frame number
complete=False  # flag to check if current Frame's information is completely extracted from the text file
                # Src and Destination are mentioned more than once for a particular Frame in text file
                # to avoid copying more than once this flag is needed

with open(path, 'r') as infile:
    lines_gen = islice(infile, begin, end)  # entire text file is sliced into rows

    for line in lines_gen:  # reading line by line

        if (line.find("Frame") != -1):  # if line contains substring "Frame"
            complete=False
            tempStr="Frame"+str(count)+", "
            count+=1

        elif ( (line.find("Src:") != -1)  and (complete==False)):# if line contains substring "Src:" and curent Frame's information is still not completely fetched from text file
            temp=line.split(',')[1]     # extracting just the Src value inside the parenthesis
            temp=temp.partition('(')[2]
            temp=temp.partition(')')[0]
            tempStr=tempStr+"Src:"+temp+", "

        elif ( (line.find("Destination:") != -1)  and (complete==False)):# if line contains substring "Destination:" and curent Frame's information is still not completely fetched from text file
            temp=line.partition('(')[2]     # extracting just the Destination value inside the parenthesis
            temp=temp.partition(')')[0]
            tempStr=tempStr+"Destination:"+temp+", "

        elif ( (line.find("Type:") != -1)  and (complete==False) ):# if line contains substring "Type:" and curent Frame's information is still not completely fetched from text file
            complete=True                   # all information are completely fetched for the current Frame hence making flag 'complete' True
            temp=line.partition('(')[2]     # extracting just the Type value inside the parenthesis
            temp=temp.partition(')')[0]
            tempStr=tempStr+"Type:"+temp+"\n"
            finalString=finalString+tempStr # adding current Frame's complete information into the finalString variable

    print(finalString)

aux2 aux 1.py Рус 1 L. 7: Structure T 1: Project Pycharm Projects untitled python_js te aux2.py Pr.. teht_ml.py të ht_ml1.py te ht_ml2.py te aux2.py import ... cwd = "/home/dexter/Desktop" # working directory path = cwd + "/wireshark.txt" # name of the text file f1 = open(path, "r") # open text file in read mode 6 numLines = sum(1 for line in f1) # counting the number of lines in the text file 7 f1.close() # closing the text file 8 begin = 0 # read the text file from first row 9 end = numLines #read the text file till the last row 10 11 12 13 14 finalString='' # final output string tempStr='! #temporary string temp=!! ##temporary string count=1 # count variable for Frame number complete=False # flag to check if current Frame's information is completely extracted from the text file # Src and Destination are mentioned more than once for a particular Frame in text file # to avoid copying more than once this flag is needed 15 16 17 18 19 with open(path, 'r') as infile: lines_gen = islice(infile, begin, end) # entire text file is sliced into rows 20 for line in lines_gen: # reading line by Line 21 22 23 Milli Ext 24 Scra 25 26 if (line.find("Frame") != -1): # if line contains substring "Frame" complete=False tempStr="Frame"+str(count)+", " count+=1 27 28 29 * 2: Favorites 30 31 elif ( (line.find("Src:") != -1) and (complete==False)):# if line contains substring "Src" and curent Frame's information is still not temp=line.split(',')[1] # extracting just the Src value inside the parenthesis temp=temp. partition('() [2] temn=temn.partitionel Python Console 2 Terminal E 6: TODO Event Log 45:120 LF UTF-8 4 spaces Python 3.5 1 32 4: Run O

aux2 Q teaux2.py Pycharm Projects untitled python_js te aux2.py Pr.. teht_ml.py te ht_ml1.py te ht_ml2.py aux 1.py complete=False u 26 tempStr="Frame" str(count)+", " count+=1 Pyc 25 27 . 7: Structure 1: Project 28 29 30 31 elif ( (line.find("Src:") != -1) and (complete==False)):# if line contains substring "Src" and curent Frame's information is still not temp=line.split(',')[1] # extracting just the Src value inside the parenthesis temp=temp. partition('[2] temp=temp. partition('')[0] tempStr=tempStr+"Src:"+temp+", 32 33 34 35 36 elif ( (line.find("Destination:") != -1) and (complete==False)):# if line contains substring "Destination:" and curent Frame's informare temp=line.partition('[2] # extracting just the Destination value inside the parenthesis temp=temp. partition(''[0] tempStr=tempStr+"Destination:"+temp+", " 37 38 39 40 41 42 elif ( (line.find("Type:") != -1) and (complete==False) ):# if line contains substring "Type:" and curent Frame's information is stilt complete=True # all information are completely fetched for the current Frame hence making flag 'complete' True temp=line. partition('[2] # extracting just the Type value inside the parenthesis temp=temp. partition('')[0] tempStr=tempStr+"Type:"+temp+"\n" final String=final String+tempStr # adding current Frame's complete information into the final String variable 43 44 45 46 ►lli Exte 47 print(final String) Scra 48 Run: o * 2: Favorites 4 aux2x /usr/bin/python3.5 /home/dexter/PycharmProjects/untitled/python_js/aux2.py Frame1, Src:00:14:ee: 08:dd:bi, Destination: 01:00:5e:7f:ff:fa, Type: 0x0800 Frame2, Src:00:14:ee: 08:dd:bi, Destination: 01:00:5e:7f:ff:fa, Type: 0x0800 Frame3, Src:cc:2f:71:3e:ca:al, Destination: 14:91:82:36:72:8d, Type: 0x0800 4: Run Python Console 2 Terminal E 6: TODO Event Log 8:1 LF UTF-8 4 spaces Python 3.5 2