I have multiple .packet files which i need to convert to csv to analyse protocols. Also I am finding many tshark codes but when I open my tshark.exe it starts packet capture and doesn't let me write the code. Do let me know where to execute the code. Im kind of new so please explain step by step how and what to do. I would really appreciate this.
The use of tshark is described in the User Guide and the tshark man page.
Basically use tshark to read in each file and output to csv with a command similar to the following:
tshark -r infile -T tabs -E "separator=," -E "quote=d"
Adjusting the separator and quoting arguments as required.
Edit: Fixed typo for the -T option from fields to tabs
Hello Grahamb, I have already spent a lot of time and i can't find where to execute the code, ive already studied the links you have shared.
For the first point you will have to open a shell prompt. You haven't told us which OS you're using, but you do mention tshark.exe so I'll assume this is Windows. In that case you can use Cmd or PowerShell, I prefer PowerShell. Search for this in the Start Menu. Note that you'll have to provide the full path to tshark, e.g. '"C:\Program Files\Wireshark\tshark.exe"` when calling it.
For the 2nd point all common shells have their "language" which will allow you to make the same call on multiple files. The way in which this is done depends on the shell in use, which comes back to the first point.
For PowerShell I'd use something like:
Get-ChildItem "Dir with files" | ForEach-Object { path\to\tshark -r (Convert-Path $_) -T tabs -E "separator=," =E "quote=d" | Out-File -Encoding utf8 "$($_.Basename).csv ...
Comments