With the command:
tshark -r <file.pcap> -q -z conv,tcp > tcp.conv
I can take the TCP flows in a .pcap file and convert it to a .conv file. However, I am trying to automate capture analysis and this format makes it rather inconvenient for me. Is there a way to convert flows like above into a .csv file instead such that the values are separated by a common delimiter?
Here's the answer from the old Q&A site:
How to Export the pcap file statistics with csv file format.
4 If you need the data in CSV format, there are (at least) these options:
Use the GUI: Statistics -> Conversations -> TCP -> Copy. This will copy the screen content as CSV into the clipboard.
Use tshark: tshark will not export the conversation data in CSV format, so you either convert it to CSV with Excel (while importing the data) or use a script (perl, python, watherver) to convert that output to csv.
Extend the tshark code to export CSV structured data.
And the open issue asking to add it : 10759 - Tshark -z io,stat options export to csv format
Asked: 2022-03-05 06:48:06 +0000
Seen: 2,156 times
Last updated: Mar 05 '22
