 | 1 | initial version |
I would recommend using tshark for this purpose. For example:
tshark -r huge.pcap -Y "gtp.message == 0x10" -T fields -E header=y -E separator=/t -E quote=d -e frame.number -e e212.imsi -e e164.msisdn -e gtp.lac -e gtp.sai_sac > huge.csv
Add as many fields as you need using -e.
| | 2 | No.2 Revision |
I would recommend using tshark for this purpose. For example:
tshark -r huge.pcap -Y "gtp.message == 0x10" -T fields -E header=y -E separator=/t separator=, -E quote=d -e frame.number -e e212.imsi -e e164.msisdn -e gtp.lac -e gtp.sai_sac > huge.csv
Add as many fields as you need using -e.
EDIT I changed the separator from a tab to a comma, which is what I originally intended for a .csv file.