William Lam

Wireshark Log Parser

This Wireshark Log Parser was created as a self-directed learning project for my Networking Fundamentals class. Built in Python 3.7 and driven by TShark (Wireshark's command-line interface), this program extracts important parameters from a valid Wireshark capture file (typically a .pcapng or .cap file) for every frame and outputs the selected parameters in a table.

Important parameters for each frame include: the frame number, the source and destination Layer 2 (MAC) addresses, the source and destination Layer 3 (IP) addresses, the Layer 4 (transport layer) protocol used, the Layer 7 (application layer) protocol used, any source and destination TCP or UDP ports used, and the presence and approximate position (by frame number) of each TCP 3-way handshake and termination handshake. The parsed data is also written in tabular form to .csv files.
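The sketch below is an added illustration of the approach described above, not the project's own code (the page does not show its source). It assumes TShark is invoked with `-T fields` for the listed fields (an assumed field set), parses one frame per line, and locates each TCP 3-way handshake and termination handshake by frame number on a constructed sample:

```python
# tshark fields requested per frame, in column order (assumed layout; the page does not list its fields)
FIELDS = ["frame.number", "eth.src", "eth.dst", "ip.src", "ip.dst", "_ws.col.Protocol",
          "tcp.srcport", "tcp.dstport", "udp.srcport", "udp.dstport",
          "tcp.flags.syn", "tcp.flags.ack", "tcp.flags.fin"]

def tshark_command(capture_path):  # prints one tab-separated line of FIELDS per frame
    return ["tshark", "-r", capture_path, "-T", "fields", "-E", "separator=/t"] + [x for f in FIELDS for x in ("-e", f)]

def parse_fields(text):
    """tshark -T fields output -> one dict per frame; fields absent from a frame stay ''."""
    rows = [line.split("\t") for line in text.splitlines() if line.strip()]
    return [dict(zip(FIELDS, row)) for row in rows]

def find_handshakes(frames):
    """Return (opened, closed): (SYN, final ACK) frame pairs and (first FIN, second FIN) frame pairs."""
    state, opened, closed = {}, [], []
    for fr in frames:
        if not fr["tcp.srcport"]:
            continue  # not a TCP segment (e.g. the UDP/DNS frame)
        a, b = (fr["ip.src"], fr["tcp.srcport"]), (fr["ip.dst"], fr["tcp.dstport"])
        conn, n = frozenset((a, b)), int(fr["frame.number"])
        # older tshark prints booleans as 1/0, newer releases as True/False
        syn, ack, fin = (fr[f] in ("1", "True") for f in FIELDS[-3:])
        st = state.get(conn, ("NONE", None, 0))  # (phase, endpoint that acted, frame)
        if syn and not ack:
            state[conn] = ("SYN", a, n)            # client SYN
        elif syn and ack and st[0] == "SYN" and st[1] == b:
            state[conn] = ("SYNACK", b, st[2])     # server SYN/ACK back to the initiator
        elif fin and st[0] == "OPEN":
            state[conn] = ("FIN", a, n)            # first FIN
        elif fin and st[0] == "FIN" and st[1] == b:
            closed.append((st[2], n))              # FIN from the other side: teardown done
            state[conn] = ("CLOSED", None, 0)
        elif ack and not fin and st[0] == "SYNACK" and st[1] == a:
            opened.append((st[2], n))              # initiator's ACK: handshake done
            state[conn] = ("OPEN", a, st[2])
    return opened, closed
# Constructed sample in the same layout: one TCP connection (handshake 1-3, HTTP 4,
# teardown 6-7) with a UDP DNS query interleaved as frame 5. flags is a subset of "SAF".
def _row(num, src, dst, proto, sport, dport, flags="", tcp=True):
    ports = [sport, dport, "", ""] if tcp else ["", "", sport, dport]
    bits = [("1" if c in flags else "0") if tcp else "" for c in "SAF"]
    return "\t".join([str(num), "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", src, dst, proto] + ports + bits)
C, S = "10.0.0.5", "192.0.2.10"  # constructed client and server addresses
SAMPLE = "\n".join([_row(1, C, S, "TCP", "51000", "80", "S"), _row(2, S, C, "TCP", "80", "51000", "SA"),
                    _row(3, C, S, "TCP", "51000", "80", "A"), _row(4, C, S, "HTTP", "51000", "80", "A"),
                    _row(5, C, "10.0.0.1", "DNS", "53001", "53", tcp=False),
                    _row(6, S, C, "TCP", "80", "51000", "FA"), _row(7, C, S, "TCP", "51000", "80", "FA")])
if __name__ == "__main__":
    print(find_handshakes(parse_fields(SAMPLE)))  # ([(1, 3)], [(6, 7)])
```

For a real capture, feed `subprocess.run(tshark_command(path), capture_output=True, text=True).stdout` to `parse_fields`, and `csv.DictWriter(f, fieldnames=FIELDS).writerows(frames)` produces the .csv table.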

There are some limitations with this project: Class D and E IP addresses are not handled correctly by this software. Classless inter-domain routing (CIDR) is also assumed to be in use (rather than private or classful addressing). Modifications would be needed to handle those cases appropriately before use in a more commercial and formal environment.
