This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

running tshark command in windows batch file

I have written a batch file that runs a tshark command to filter fields from a Wireshark pcap file and write them to a csv file. When I ran it on the Windows cmd CLI, I had to change the current working directory to the Wireshark folder directory in the My Computer> Program Files, so I changed the current working directory in the batch file so that it would run the same way as I ran it in the Windows cmd CLI.

However, when I ran the below batch script, the output csv file was blank. How do I correct this batch script so that I can see the contents in the output csv file generated using Wireshark's tshark command?

I wrote the batch file like this.

@echo off    
set curr_dir=%cd%
chdir /D cd..    
chdir /D cd..    
chdir /D cd program files    
chdir /D cd wireshark    
tshark -T fields -n -r "C:\Users\L33604\Desktop\SynFlood Sample.pcap" -E separator=, -e ip.src -e ip.dst > "C:\Users\L33604\Desktop\logcapture.txt"

asked 22 Apr '12, 20:25

misteryuku

edited 23 Apr '12, 04:41

grahamb ♦

One Answer:

tshark -T fields -n -r "C:UsersL33604DesktopSynFlood Sample.pcap" -E separator=, -e ip.src -e ip.dst > "C:UsersL33604Desktoplogcapture.txt"

That will only work if the file UsersL33604DesktopSynFlood Sample.pcap is in the current directory, i.e. in C:\Program Files\Wireshark. It probably isn't there.

You would either need to do

tshark -T fields -n -r "C:{full path leading up to that file}\UsersL33604DesktopSynFlood Sample.pcap" -E separator=, -e ip.src -e ip.dst > "C:UsersL33604Desktoplogcapture.txt"

(which will, BTW, put UsersL33604Desktoplogcapture.txt into the current directory; if you don't want that, you'll have to specify the full path there as well), or do

"C:\Program Files\Wireshark\tshark" -T fields -n -r "C:UsersL33604DesktopSynFlood Sample.pcap" -E separator=, -e ip.src -e ip.dst > "C:UsersL33604Desktoplogcapture.txt"

in whatever directory contains the UsersL33604DesktopSynFlood Sample.pcap, or set your Path environment variable to include C:\Program Files\Wireshark\tshark, in which case just

tshark -T fields -n -r "C:UsersL33604DesktopSynFlood Sample.pcap" -E separator=, -e ip.src -e ip.dst > "C:UsersL33604Desktoplogcapture.txt"

will work.

answered 23 Apr '12, 00:54

Guy Harris ♦♦
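
A batch script built on the answer's second option (calling tshark by its full path instead of changing directory), added here as an example and not code from either post. It assumes the default install location under %ProgramFiles%, takes the capture and output paths as arguments, and writes tshark's error messages to a separate file (the `.err.txt` name is made up) so that a blank output file can be diagnosed.

```bat
@echo off
setlocal

rem Usage: <this script> "capture.pcap" "output.csv"
if "%~1"=="" goto usage
if "%~2"=="" goto usage

rem Assumption: default install location; adjust if Wireshark lives elsewhere.
set "TSHARK=%ProgramFiles%\Wireshark\tshark.exe"

rem %~f1 / %~f2 expand the arguments to fully qualified paths, so the result
rem does not depend on the directory the script was started from.
set "PCAP=%~f1"
set "OUT=%~f2"
set "ERRLOG=%OUT%.err.txt"

if not exist "%TSHARK%" (
    >&2 echo tshark not found at "%TSHARK%"
    exit /b 2
)
if not exist "%PCAP%" (
    >&2 echo Capture file not found: "%PCAP%"
    exit /b 3
)

rem stdout goes to the CSV, stderr to its own log. With only ">" an error
rem message would go to the console while the CSV is left empty.
"%TSHARK%" -T fields -n -r "%PCAP%" -E separator=, -e ip.src -e ip.dst > "%OUT%" 2> "%ERRLOG%"
if errorlevel 1 (
    >&2 echo tshark failed; see "%ERRLOG%"
    exit /b 4
)

rem Exit code 0 with a zero-byte file means tshark printed nothing at all.
for %%F in ("%OUT%") do if %%~zF EQU 0 (
    >&2 echo Warning: "%OUT%" is empty ^(tshark produced no output^)
    exit /b 5
)

echo Wrote "%OUT%"
exit /b 0

:usage
>&2 echo Usage: %~nx0 "capture.pcap" "output.csv"
exit /b 1
```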