Description
Tcpdump uses 'IP.port' notation in its output instead of the well-known 'IP:port' form. For example, it prints '192.168.0.254.3128' instead of '192.168.0.254:3128', meaning port 3128 of host '192.168.0.254'. What we want is to replace the dot ('.') that follows an IP address with a colon, which is not difficult to do.
Script and Comments
Script1 [sed]
s/(([0-9]{1,}\.){3}[0-9]{1,})\./\1:/g
Comments
  1. Script1 is written with Extended REs to reduce the number of escaping backslashes, so it must be run with the '-r' option of GNU sed 4.X, which makes sed interpret REs as Extended REs rather than Basic ones. Otherwise, use Script2.
  2. [0-9]{1,} is equivalent to [0-9][0-9]*.
Script2 [sed]
s/\(\([0-9]\{1,\}\.\)\{3\}[0-9]\{1,\}\)\./\1:/g
More...
Things become a little more difficult if the input data contains something like '1.2.3.4.5.6', which cannot be interpreted as 'IP.port', although 'tcpdump' will NOT generate data of this kind.
Raw Input
12.34.56.78.90.12 192.168.0.254.3128 14.72.55.33.26.890 192.168.1.254.9000
Desired Output
12.34.56.78.90.12 192.168.0.254:3128 14.72.55.33.26.890 192.168.1.254:9000
Script and Comments
Script1 [sed]
s/(( |^)([0-9]+\.){3}[0-9]+)\.([0-9]+( |$))/\1:\4/g
Comments
  1. An 'IP.port' pair either follows a space or begins at the first character of a line (or string): ( |^).
  2. It either precedes a space or ends at the end of a line (or string): ( |$).
  3. Therefore, to match an 'IP.port' pair, we can use ( |^)([0-9]+\.){4}[0-9]+( |$)
    (leading or trailing spaces may exist).
  4. To capture the dot that is to be replaced, we modify the above RE to ( |^)([0-9]+\.){3}[0-9]+\.[0-9]+( |$)
Script2 [perl]
s/((?: |^)(?:\d+\.){3}\d+)\.(\d+(?: |$))/$1:$2/g
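
The second Script1 consumes the trailing space of each match, so with /g a pair that directly follows another pair (one space between them) has no leading space left to match and stays unconverted. The following added example (not part of the original page; the function names and the second sample line are constructed for illustration) goes beyond the page's sample input by running the same expression once with /g and once in a sed 't' loop that handles adjacent pairs:

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# The page's second Script1, one pass with /g (-E selects extended REs, like -r).
onepass() {
    sed -E 's/(( |^)([0-9]+\.){3}[0-9]+)\.([0-9]+( |$))/\1:\4/g'
}

# Same expression without /g, retried by 't' until no substitution succeeds.
# Each retry rescans the whole line, so the space consumed by one match is
# available again as the leading space of the next pair.
looped() {
    sed -E -e ':a' \
           -e 's/(( |^)([0-9]+\.){3}[0-9]+)\.([0-9]+( |$))/\1:\4/' \
           -e 'ta'
}

# Run one of the functions above on a single line of text.
convert() { printf '%s\n' "$2" | "$1"; }

# The page's raw input, and a constructed line with two adjacent pairs.
PAGE_INPUT='12.34.56.78.90.12 192.168.0.254.3128 14.72.55.33.26.890 192.168.1.254.9000'
ADJACENT='10.0.0.1.443 10.0.0.2.51514 1.2.3.4.5.6'

for fn in onepass looped; do
    for line in "$PAGE_INPUT" "$ADJACENT"; do
        printf '%-8s %s\n' "$fn" "$(convert "$fn" "$line")"
    done
done
```

Both forms give the page's desired output for the page's raw input; they differ only on the constructed line, where the six-group token is left untouched by both.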