This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Export to csv on the fly.

0

I have incoming streaming data packets. I need to

  1. Isolate the packets from a certain ip.
  2. Filter only those of certain length
  3. From those filtered packets I need to filter the last 7 bytes.
  4. The data should be inserted on the fly to a comma based csv file.

Is this possible with Wireshark?

asked 14 Jan '13, 13:51

berkz's gravatar image

berkz
1112
accept rate: 0%

edited 14 Jan '13, 13:56

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

1

Yes, you could do that with wireshark by writing a Lua script for it. However, Wireshark accumulates state information, so you will run out of memory in the long run (or less long run on high bandwidth networks). I think writing a little libpcap application in C or Perl or any language of your choice is a better bet.

answered 14 Jan '13, 15:10

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thx for the quick reply. Also I've been checking out the command line interface. Is it possible to filter by packet lenght using the CLI ?

(14 Jan '13, 16:47) berkz
1

Yes, you can use a display filter like this:

tshark -r <file> -R frame.len==1510

Or a capture filter like this:

tshark -i <interface> -f len=1510
(14 Jan '13, 23:21) SYN-bit ♦♦