This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark batch file

0

Hey all, I am trying to make a Windows batch script for tshark.

Here is the tshark command I use:

tshark -V -r file.pcap -T fields -E header=y -E separator=% -e wlan.sa -e ip.src -e wlan.da -e ip.dst > file.csv

I want to create a batch to ask where the folder is for the pcap, what the name of the pcap is and where to write the csv file.

Can anyone help me? Thank you

asked 10 Dec '11, 13:17


NetSamSpade
accept rate: 0%

1

This isn't really a Wireshark (or tshark) question; rather, it's about Windows batch files. You will be better off asking on a Q&A site that covers those sorts of things, such as SuperUser or ServerFault.

(10 Dec '11, 14:11) grahamb ♦

One Answer:

1

It's kinda a Wireshark question as the batch file variable is conflicting with the Wireshark separator value used I think. Try changing that to a comma. Here are a couple ideas -

test.bat contents:

tshark -V -r "%~1" -T fields -E header=y -e wlan.sa -e ip.src -e wlan.da -e ip.dst -E separator=, > "%~2"

Run sample:

test c:\traces\wlan1.pcap c:\reports\wlan1.csv

If you want to simplify further, place the CSV into the same directory as the trace file and use the same file name (except for the extension) and include the extensions in the batch file.

test2.bat contents:

tshark -V -r "%~1.pcap" -T fields -E header=y -e wlan.sa -e ip.src -e wlan.da -e ip.dst -E separator=, > "%~1.csv"

Run sample (against a file called wlan-radiotap.pcap - just sample name)...

test2 c:\traces\wlan-radiotap

You'll end up with your new CSV file in the same directory as the trace file.

answered 11 Dec '11, 13:12


lchappell ♦
accept rate: 8%
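
An interactive variant of the batch files above, prompting for the folder, the pcap name and the CSV location as the question asks. This is an added example, not part of the original question or answer; the variable names and messages are illustrative, and it assumes tshark.exe is on the PATH.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion

rem Clear the variables so an empty answer is detected below.
set "PCAPDIR="
set "PCAPNAME="
set "CSVPATH="

rem Prompt for the three values.
set /p "PCAPDIR=Folder containing the pcap: "
set /p "PCAPNAME=Pcap file name (with extension): "
set /p "CSVPATH=Full path of the CSV file to write: "

rem Reject empty answers before doing anything else.
if not defined PCAPDIR goto :missing
if not defined PCAPNAME goto :missing
if not defined CSVPATH goto :missing

rem Strip any double quotes the user typed, so every path is quoted
rem exactly once when it is used. Quoting keeps spaces and characters
rem such as ^& inside a path from being parsed as command syntax.
set "PCAPDIR=%PCAPDIR:"=%"
set "PCAPNAME=%PCAPNAME:"=%"
set "CSVPATH=%CSVPATH:"=%"

set "INFILE=%PCAPDIR%\%PCAPNAME%"
if not exist "%INFILE%" (
    echo Capture file not found: "%INFILE%"
    exit /b 1
)

rem Same field list as the command in the question, with a comma separator.
rem Inside a batch file a literal percent sign must be doubled, so the
rem original separator would have to be written as: -E separator=%%
tshark -V -r "%INFILE%" -T fields -E header=y -E separator=, -e wlan.sa -e ip.src -e wlan.da -e ip.dst > "%CSVPATH%"
if errorlevel 1 (
    echo tshark reported an error, check the message above.
    exit /b 1
)

echo Wrote "%CSVPATH%"
exit /b 0

:missing
echo All three values are required.
exit /b 1
```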