Command line packet dissection?

One of the tasks I use Wireshark for is to convert pcap capture files to csv format for statistical and anomaly analysis by other programs. These files tend to be very large and manually specifying the profile to use, opening the pcap, waiting for it to load, then specifying the output csv, and waiting for it to write can take a long time, and require a lot of memory.

I see that some parts of Wireshark can be driven from the command line, but I'm unclear if that includes pcap to csv conversion, using the full protocol analysis Wireshark so admirably performs, and outputting those fields I've defined in a profile.

Anyone know how to get this to work?