Basically looking to do exactly what Tshark does using
tshark -r mysample.pcapng.gz -2 -Tfields -R ip -eip.src -eip.dst -eframe.protocols
with perl... So pulling from a k12 text file (Example of info in text file)
+---------+---------------+----------+
02:25:41,660,101 ETHER
|0 |ff|ff|ff|ff|ff|ff|b4|b6|76|53|9d|a0|08|00|45|00|00|4e|4f|85|00|00|80|11|68|b3|c0|a8|00|17|c0|a8|00|ff|
00|89|00|89|00|3a|74|68|c6|2a|01|10|00|01|00|00|00|00|00|00|20|46|48|46|41|45|42|45|45|43|41|43|41|43|41|43|41|43|41|43|41|43|41|43|41|43|41|43|41|43|41|41|41|00|00|20|00|01|
Been going over my code, splitting and sorting into arrays, and just can't for the life of me even get a start. Basically need to remove everything up to the second "|", take the next 6 sections (separated by "|") which is destination IP, then next 6 which is Source IP, then next 2 which is protocol type, then convert to binary.
If anyone has written anything simple for this I would greatly appreciate taking a look at it. This is for a piece of class work, for a securities class.
Original source Wireshark Display Filter for Unique Source/Destination IP and Protocol
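
The following Perl is an added example, not code from the original post: it parses the K12 text layout shown above and prints source IP, destination IP and a short protocol chain for IPv4 frames, approximating the tshark fields. In an Ethernet II frame the first 12 bytes are the destination and source MAC addresses and the next 2 are the EtherType, while the IPv4 protocol and addresses sit at bytes 9 and 12-19 of the IP header that follows. The sub names `k12_frames` and `decode_frame`, the `eth:ip:...` label and the truncated sample are assumptions made for this example.

```perl
use strict;
use warnings;

# Constructed sample: the post's frame in K12 layout, cut after the UDP header.
my $sample = <<'K12';
+---------+---------------+----------+
02:25:41,660,101   ETHER
|0   |ff|ff|ff|ff|ff|ff|b4|b6|76|53|9d|a0|08|00|45|00|00|4e|4f|85|00|00|80|11|68|b3|c0|a8|00|17|c0|a8|00|ff|
00|89|00|89|00|3a|74|68|
K12

# Split K12 text into frames: one array ref of byte values per frame.
# Hex lines wrapped without a leading "|offset|" are appended to the open frame.
sub k12_frames {
    my ($text) = @_;
    my (@frames, $cur);
    for my $line (split /\r?\n/, $text) {
        if ($line =~ /^\+-/) { undef $cur; next; }    # record separator
        my $hex = $line;
        # Strip the "|offset|" prefix; the first such line opens a new frame.
        if ($hex =~ s/^\|[0-9a-fA-F]+\s*\|// && !$cur) { $cur = []; push @frames, $cur; }
        next unless $cur;                              # timestamp line
        push @$cur, map { hex($_) } grep { /^[0-9a-fA-F]{2}$/ } split /\|/, $hex;
    }
    return @frames;
}

# Decode Ethernet II and, when present, the IPv4 header (hypothetical helper).
sub decode_frame {
    my ($p) = @_;
    return if @$p < 14;                                # truncated Ethernet header
    my %f = (
        dst_mac   => join(':', map { sprintf('%02x', $_) } @{$p}[0 .. 5]),
        src_mac   => join(':', map { sprintf('%02x', $_) } @{$p}[6 .. 11]),
        ethertype => ($p->[12] << 8) | $p->[13],
    );
    # Stop at layer 2 unless this is IPv4 with a complete 20-byte header.
    return \%f unless $f{ethertype} == 0x0800 && @$p >= 34 && ($p->[14] >> 4) == 4;
    $f{ip_proto} = $p->[23];                           # IPv4 header byte 9
    $f{ip_src}   = join '.', @{$p}[26 .. 29];          # IPv4 header bytes 12-15
    $f{ip_dst}   = join '.', @{$p}[30 .. 33];          # IPv4 header bytes 16-19
    return \%f;
}

my %l4 = (1 => 'icmp', 6 => 'tcp', 17 => 'udp');
for my $bytes (k12_frames($sample)) {
    my $f = decode_frame($bytes) or next;
    next unless defined $f->{ip_src};                  # like tshark's "-R ip"
    my $name = $l4{ $f->{ip_proto} } // $f->{ip_proto};
    print join("\t", $f->{ip_src}, $f->{ip_dst}, "eth:ip:$name"), "\n";
}
```

To read a real export, replace `$sample` with the slurped contents of the K12 text file.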