This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

extract specific number of packets to text and csv.

0

Hi,

I have a traffic sample in pcap format, and I want to export the data as txt and csv files. Here is the code which I am using:

for CSV:

tshark -Y "ip" -r a.pcap -T fields -e frame.number -e ip.proto -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len -e frame.time_delta -e tcp.flags -e frame.time -e frame.time_relative -E header=y -E separator=";" > a.csv

for Text file:

tshark -Y "ip" -o column.format:'"No.","%m", "full time", "%Yt","src ip", "%us","des ip","%ud", "lenght", "%L","transfered byte","%B","protocol","%p","srcmac","%uhs","destmac","%uhd","sourceport", "%uS", "destport", "%uD", "Info", "%i"' -r a.pcap > a.txt

But as the traffic sample has 5 million packets and I need a specific number of packets, can I import the packet details, for example from packet 1,234,567 to 4,567,567?

How is it possible?

Thanks in advance.

asked 17 Dec '13, 05:15


Payam365
21225
accept rate: 0%


One Answer:

2

The -Y filter could be enhanced to -Y "ip and frame.number gt xxx and frame.number lt yyy"

Is this what you were looking for?

answered 17 Dec '13, 07:54


mrEEde
3.9k152270
accept rate: 20%

yes, thanks

(17 Dec '13, 09:15) Payam365

Don't forget to 'accept' the answer to mark it as closed, thanks

(17 Dec '13, 22:17) mrEEde
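
An added example, not part of the original posts: a small shell wrapper that builds the frame-number filter from the answer for an inclusive range. Because `gt`/`lt` exclude the endpoints, it uses `ge`/`le`, and it accepts numbers written with thousands separators as in the question. The function names `frame_range_filter` and `export_csv` are hypothetical; the field list is a subset of the one in the question.

```shell
#!/bin/sh
# Added example (not from the original thread).

# frame_range_filter START END [BASE_FILTER]
# Prints a display filter matching frames START..END inclusive.
# Commas in the numbers ("1,234,567") are stripped. Returns 1 on bad input.
frame_range_filter() {
    start=$(printf '%s' "$1" | tr -d ',')
    end=$(printf '%s' "$2" | tr -d ',')
    base=${3:-ip}
    for n in "$start" "$end"; do
        case $n in
            ''|*[!0-9]*)
                echo "not a frame number: '$n'" >&2
                return 1 ;;
        esac
    done
    # frame.number starts at 1, and an inverted range matches nothing.
    if [ "$start" -lt 1 ] || [ "$start" -gt "$end" ]; then
        echo "empty range: $start..$end" >&2
        return 1
    fi
    # ge/le include both endpoints; gt/lt would drop them.
    printf '(%s) and frame.number ge %s and frame.number le %s\n' \
        "$base" "$start" "$end"
}

# export_csv FILE START END  -> CSV on stdout
export_csv() {
    filter=$(frame_range_filter "$2" "$3") || return 1
    tshark -r "$1" -Y "$filter" -T fields \
        -e frame.number -e ip.src -e ip.dst -e frame.len \
        -E header=y -E separator=';'
}

# Run only when called as: script.sh FILE START END
if [ "$#" -eq 3 ]; then
    export_csv "$@"
fi
```

tshark still reads the whole capture to evaluate the filter; for repeated exports from the same slice, `editcap -r a.pcap slice.pcap 1234567-4567567` writes just those packets to a smaller file first.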