Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2021-08-03 04:42:25 +0000

menticol gravatar image

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for Camel analysis, for example "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as I CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, I'm not very sure how to do that on a generated .JSON

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for Camel DIAMETER and CAMEL analysis, for example example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as I CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, I'm not very sure how to do that on a generated .JSON

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as I CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, I'm not very sure how to do that on a generated .JSON

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, I'm not very sure when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get the selected field in the filter.

I would like to get the whole file as PCAP, plus, the-e _ws.col.Info field, to be able to navigate through it and later export to MySql.

Let me show you some pictures of how to do that on a generated .JSONthe program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get the selected field in the filter.

I would like to get the whole file as PCAP, plus, PCAP contents plus the-e _ws.col.Info field, field to be able to navigate through it and later export to MySql.different fields to MySql as required.

Let me show you some pictures of how the program looks

Picture1

Picture 2Picture 2

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get the selected whichever field in is indicated on the filter.

Instead, I would like to get the whole PCAP contents (plus the-e _ws.col.Info field to be able to ). In that way the user could navigate through it the file in a visual way, and later export different fields to MySql as required.whatever field he/she wants.

Let me show you some pictures of how the program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info as part of .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get whichever field is indicated on the filter.

Instead, I would like to get the whole PCAP contents (plus the-e _ws.col.Info field). In that way the user could navigate through the file in a visual way, and later export whatever field he/she wants.

Let me show you some pictures of how the program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

   String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
            String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

            Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments = "-r " + temporaryPcapFilename + " -T json ";

            String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

            UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

            Console.WriteLine("JSON Ready...");

As always thank you very much!

Get ws.col.Info (plus the whole PCAP) as part of a .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get whichever field is indicated on the filter.

Instead, I would like to get the whole PCAP contents (plus the-e _ws.col.Info field). In that way the user could navigate through the file in a visual way, and later export whatever field he/she wants.

Let me show you some pictures of how the program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

  String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
     String fileNameWithExtension = Path.GetFileName(pcapFilePath);
            String workingFolder String pathWorkingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

            String pcapToFilteredPcapArguments String pathFilteredPcap = "\"" + pathWorkingFolder + fileNameWithoutExtension + "_filtered.pcap\"";
    String argumentsPcapToFilteredPcap = "-r \"" + pcapFilePath + "\" -Y camel -w \"" + workingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String output " + pathFilteredPcap;

    String consoleOutputPcapToFilteredPcap = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToFilteredPcapArguments);

            Console.WriteLine(output);

        argumentsPcapToFilteredPcap);

    Console.WriteLine(consoleOutputPcapToFilteredPcap);
    Console.WriteLine("Filtered PCAP ready...");

            String temporaryPcapFilename = "\"" + workingFolder String pathJsonFile = pathWorkingFolder + fileNameWithoutExtension + "_filtered.pcap\"";

            String JsonFilePath = workingFolder + fileNameWithoutExtension + ".json";

            Console.WriteLine("Generating JSON...");

            String pcapToJsonArguments     String argumentsFilteredPcapToJson = "-r " + temporaryPcapFilename pathFilteredPcap + " -T json ";

     Console.WriteLine("Generating JSON...");

    String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, pcapToJsonArguments);

        argumentsFilteredPcapToJson);

    UtilsIO.saveTextFile(consoleOutputFromPcapToJson, JsonFilePath);

        pathJsonFile);

    Console.WriteLine("JSON Ready...");

As always thank you very much!

click to hide/show revision 9
None

updated 2021-08-04 00:51:51 +0000

Guy Harris gravatar image

Get ws.col.Info (plus the whole PCAP) as a .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get whichever field is indicated on the filter.

Instead, I would like to get the whole PCAP contents (plus the-e _ws.col.Info field). In that way the user could navigate through the file in a visual way, and later export whatever field he/she wants.

Let me show you some pictures of how the program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

    String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
    String fileNameWithExtension = Path.GetFileName(pcapFilePath);
    String pathWorkingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

    String pathFilteredPcap = "\"" + pathWorkingFolder + fileNameWithoutExtension + "_filtered.pcap\"";
    String argumentsPcapToFilteredPcap = "-r \"" + pcapFilePath + "\" -Y camel -w " + pathFilteredPcap;

    String consoleOutputPcapToFilteredPcap = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, argumentsPcapToFilteredPcap);

    Console.WriteLine(consoleOutputPcapToFilteredPcap);
    Console.WriteLine("Filtered PCAP ready...");

    String pathJsonFile = pathWorkingFolder + fileNameWithoutExtension + ".json";
    String argumentsFilteredPcapToJson = "-r " + pathFilteredPcap + " -T json ";

    Console.WriteLine("Generating JSON...");

    String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, argumentsFilteredPcapToJson);

    UtilsIO.saveTextFile(consoleOutputFromPcapToJson, pathJsonFile);

    Console.WriteLine("JSON Ready...");

As always thank you very much!

click to hide/show revision 10
None

updated 2021-08-04 00:52:42 +0000

Guy Harris gravatar image

Get ws.col.Info (plus the whole PCAP) ws.col.Info, plus all packet fields, as a .json exported file

Hi again guys!

I'm making a little C# code to export expanded PCAP files to a Database.

So far I have succeeded in creating the JSON, however, I noticed that a very nice Wireshark column, _ws.col.Info, is missing on the generated file.

This column would contain very important information for DIAMETER and CAMEL analysis, for example, "SACK invoke InitialDP","invoke eventReportBCSM",""SACK invoke release call", among others.

On previous projects where I was required to export the PCAP as CSV, I was able to do so by using switches like the following one:

-e frame.number -e frame.time -e _ws.col.Info -e diameter.Session-Id -e e164.msisdn -e e212.imsi

However, when I apply the aforementioned filters, I stop getting the whole PCAP file translated as JSON, and only get whichever field is indicated on the filter.

Instead, I would like to get the whole PCAP contents (plus the-e _ws.col.Info field). In that way the user could navigate through the file in a visual way, and later export whatever field he/she wants.

Let me show you some pictures of how the program looks

Picture1

Picture 2

This is part of the code I came up with, if anybody finds it useful

    String fileNameWithoutExtension = Path.GetFileNameWithoutExtension(pcapFilePath);
    String fileNameWithExtension = Path.GetFileName(pcapFilePath);
    String pathWorkingFolder = pcapFilePath.Replace(fileNameWithExtension, "");

    String pathFilteredPcap = "\"" + pathWorkingFolder + fileNameWithoutExtension + "_filtered.pcap\"";
    String argumentsPcapToFilteredPcap = "-r \"" + pcapFilePath + "\" -Y camel -w " + pathFilteredPcap;

    String consoleOutputPcapToFilteredPcap = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, argumentsPcapToFilteredPcap);

    Console.WriteLine(consoleOutputPcapToFilteredPcap);
    Console.WriteLine("Filtered PCAP ready...");

    String pathJsonFile = pathWorkingFolder + fileNameWithoutExtension + ".json";
    String argumentsFilteredPcapToJson = "-r " + pathFilteredPcap + " -T json ";

    Console.WriteLine("Generating JSON...");

    String consoleOutputFromPcapToJson = await new UtilsIO().executeExe(SHARK_INSTALL_FOLDER, argumentsFilteredPcapToJson);

    UtilsIO.saveTextFile(consoleOutputFromPcapToJson, pathJsonFile);

    Console.WriteLine("JSON Ready...");

As always thank you very much!

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2