# Fields CSV to tshark execution string format script

Fields website: https://www.wireshark.org/docs/dfref/g/gquic.html 

HTML table to csv extractor: https://www.convertcsv.com/html-table-to-csv.htm

## How to use:
Open the "HTML table to csv extractor", enter the "fields website" URL so that it generates a CSV from the field table, download the result as a CSV file, and run this script.

Note: Don't forget to update the file path in this script so that it processes the correct file.

## Imports:

In [1]:
import pandas as pd
import csv
import os

## Configure executable string

In [2]:
inputPCAPFilepath = "record_2020_08_21_RPI_OnePlus6_x3_23.pcapng" #<pcap-filename>
outputCSVFilepath = "output-pcap.csv" #<output-csv-filename>
filterBy = "gquic"

## Loading CSV:
Don't forget to change the filepath to point to the desired CSV file.

In [3]:
fields = pd.read_csv('./EXPORTED_GQUIC_FIELDS_WIRESHARK.csv')

## Process
### Add default fields such as source IP and time.

In [4]:
field_names = fields['Field name']

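basicFields = pd.Series(["frame.number", "frame.time_relative", "frame.len", "ip.src", "ip.dst", "udp.srcport", "udp.dstport"])
# Series.append was removed in pandas 2.0; pd.concat gives the same result
field_names = pd.concat([field_names, basicFields], ignore_index=True)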

Format the fields loaded from the CSV file, plus the default fields, into the tshark command string.

In [5]:
execString = "tshark -r " + inputPCAPFilepath + " -T fields"
for field in field_names:
    execString = execString +" -e " + field

execString = execString + " -E header=y -E separator=, -E quote=d -Y " + filterBy + " > " + outputCSVFilepath

## Print executable string to notebook

In [8]:
execString

'tshark -r record_2020_08_21_RPI_OnePlus6_x3_23.pcapng -T fields -e gquic.cid -e gquic.data_len -e gquic.diversification_nonce -e gquic.frame -e gquic.frame_type -e gquic.frame_type.ack -e gquic.frame_type.ack.ack_block_length -e gquic.frame_type.ack.ack_delay_time -e gquic.frame_type.ack.delta_largest_acked -e gquic.frame_type.ack.delta_largest_observed -e gquic.frame_type.ack.first_ack_block_length -e gquic.frame_type.ack.first_timestamp -e gquic.frame_type.ack.gap_to_next_block -e gquic.frame_type.ack.largest_acked -e gquic.frame_type.ack.largest_acked_delta_time -e gquic.frame_type.ack.largest_observed -e gquic.frame_type.ack.ll -e gquic.frame_type.ack.missing_packet -e gquic.frame_type.ack.mm -e gquic.frame_type.ack.n -e gquic.frame_type.ack.num_blocks -e gquic.frame_type.ack.num_ranges -e gquic.frame_type.ack.num_revived -e gquic.frame_type.ack.num_timestamp -e gquic.frame_type.ack.range_length -e gquic.frame_type.ack.received_entropy -e gquic.frame_type.ack.revived_packet -e gqu

## Save to file
Don't forget to change the filepath to point to the desired output file.

In [7]:
# The context manager closes the file even if the write fails
with open("tshark-exec-string.txt", mode="wt") as f:
    f.write(execString)
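
An added example (not part of the original notebook): the cells above join CSV-derived field names and file paths into a shell line by plain concatenation, so a path containing a space or an unexpected character in a CSV row changes what the shell runs. This version checks each name against a dotted-identifier pattern (an assumption about Wireshark field names) and quotes the result with `shlex`; the function names and sample values are constructed for illustration.

```python
import re
import shlex

# Assumption: Wireshark field names are dotted identifiers (letters, digits, _ . -).
FIELD_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.\-]*$")


def build_tshark_argv(pcap_path, field_names, display_filter):
    """Return the tshark command as a list, one element per argument."""
    argv = ["tshark", "-r", pcap_path, "-T", "fields"]
    seen = set()
    for name in field_names:
        name = str(name).strip()
        if not FIELD_RE.match(name):
            # A row that is not a plain field name never reaches the command line
            raise ValueError(f"unexpected field name in CSV: {name!r}")
        if name in seen:
            continue  # skip duplicates, e.g. a default field already in the CSV
        seen.add(name)
        argv += ["-e", name]
    argv += ["-E", "header=y", "-E", "separator=,", "-E", "quote=d",
             "-Y", display_filter]
    return argv


def to_shell_string(argv, output_path):
    """Render the argument list as one shell-safe line with the output redirect."""
    return shlex.join(argv) + " > " + shlex.quote(output_path)


# Constructed sample input: a capture name with a space and a duplicated field
sample_fields = ["gquic.cid", "gquic.data_len", "frame.number", "gquic.cid"]
sample_argv = build_tshark_argv("my capture.pcapng", sample_fields, "gquic")
print(to_shell_string(sample_argv, "output-pcap.csv"))
```

To run tshark directly from Python without a shell, pass the list to `subprocess.run(argv, stdout=fh, check=True)` with `fh` opened on the output CSV.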