Ask Your Question
0

How to convert multiple .packet or .pcap files to a single csv file.

asked 2019-11-08 15:50:17 +0000

adamisrail gravatar image

I have multiple .packet files which i need to convert to csv to analyse protocols. Also I am finding many tshark codes but when I open my tshark.exe it starts packet capture and doesn't let me write the code. Do let me know where to execute the code. Im kind of new so please explain step by step how and what to do. I would really appreciate this.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-11-08 16:17:31 +0000

grahamb gravatar image

updated 2019-11-10 17:50:04 +0000

The use of tshark is described in the User Guide and the tshark man page.

Basically use tshark to read in each file and output to csv with a command similar to the following:

tshark -r infile -T tabs -E "separator=," -E "quote=d"

Adjusting the separator and quoting arguments as required.

Edit: Fixed typo for the -T option from fields to tabs

edit flag offensive delete link more

Comments

Hello Grahamb, I have already spent a lot of time and i can't find where to execute the code, ive already studied the links you have shared.

  1. Could you please tell me how to execute the code.
  2. I have more than 2000 files and i cant do it one by one. Is there anyway i can convert multiple files at once?
adamisrail gravatar imageadamisrail ( 2019-11-08 16:36:38 +0000 )edit
1

For the first point you will have to open a shell prompt. You haven't told us which OS you're using, but you do mention tshark.exe so I'll assume this is Windows. In that case you can use Cmd or PowerShell, I prefer PowerShell. Search for this in the Start Menu. Note that you'll have to provide the full path to tshark, e.g. '"C:\Program Files\Wireshark\tshark.exe"` when calling it.

For the 2nd point all common shells have their "language" which will allow you to make the same call on multiple files. The way in which this is done depends on the shell in use, which comes back to the first point.

For PowerShell I'd use something like:

Get-ChildItem "Dir with files" |  ForEach-Object { path\to\tshark -r (Convert-Path $_) -T tabs -E "separator=," =E "quote=d" | Out-File -Encoding utf8 "$($_.Basename).csv ...
(more)
grahamb gravatar imagegrahamb ( 2019-11-10 17:49:11 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-11-08 15:50:17 +0000

Seen: 613 times

Last updated: Nov 10 '19

Related questions

How to split file json real time tshark?

Deduplication in tshark -T ek [closed]

filtering out protocol, sequence number, and ack using tshark

Using tshark filters to extract only interesting traffic from 12GB trace

Any way to use cmd tshark for a gns3 wire?

authority RRs tshark

can I install only tshark?

How do I change the interface on Tshark?

Tshark TCP stream assembly

Tshark output file problem, saving to csv or txt

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2