Tshark file conversion using Windows 10 Pro, Visual Studio 2017, integration services SSIS and C# conversion from pcap to csv. Empty file! [closed]

I wish to automate file conversion from .pcap to .csv using Visual Studio 2017, Integration Services (SSIS) and a C# script transformation (please see the attached C# extract below).

The file conversion works perfectly when used manually i.e. interactively in the command line interface (in cmd window). But inside SSIS: Attempted with C# Script: failed, CSV file created but is empty. Attempted with Execute Process: failed, CSV file created but is empty.

The target .csv file is produced successfully however, the target file is empty despite the source .pcap file being populated with pcap (not pcapng) packets.

Could you please advise, any assistance would be most appreciated. Thank you.

```csharp
Process cmd = new Process();

cmd.StartInfo.FileName = "C:\Windows\System32\cmd.exe";

cmd.StartInfo.Arguments = @"/C C:\Program Files\Wireshark\tshark.exe -T fields -n -r C:\tmp\S023_TShark_1.pcap -e frame.time -e frame.number -e eth.src -e eth.dst -e ip.src -e ip.dst -e ip.proto -E -E separator=, -E quote=d -E occurrence=f > C:\tmp\S023_TShark_1.csv";

cmd.Start();

Dts.TaskResult = (int)ScriptResults.Success;
```

nods23, asked 2021-05-08 09:37:16 +0000, updated 2021-05-08 13:38:48 +0000

Closed for the following reason "question is off-topic or not relevant" by grahamb 2021-05-08 18:30:08 +0000

Comments

Why run it under cmd.exe, can't you start the tshark process directly?

grahamb (2021-05-08 13:51:57 +0000)

Without cmd.exe and directly using Tshark.exe then Tshark goes immediately into capture mode and does not recognise the supplied parameters which suggests there is an error in how I am feeding the parameters.

nods23 (2021-05-08 14:05:33 +0000)

Do you have to escape the backslashes in the paths, e.g. C:\\...

I missed that you're redirecting the output, so that you'll need to run it under cmd, or use the Process object StandardOutput.

Regardless, this seems to be a .net programming issue not a Wireshark issue so you should locate a suitable .net support site.

grahamb (2021-05-08 14:17:24 +0000)

"Program Files" contains a space so you need to quote the full path to tshark.exe. The file is empty because cmd failed to start tshark after redirecting stdout.

Instead of using cmd use VS to redirect the output to file, just google "visual studio process redirect stdout to file". Or better use a pipe and avoid the need for a temporary file.

André (2021-05-08 16:53:31 +0000)
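
The approach suggested in the comments (start tshark.exe directly and redirect its standard output from the Process object instead of through cmd.exe), as an added example that is not part of the original thread. The class and method names are hypothetical, the paths are the ones from the question, and .NET Framework is assumed, as in an SSIS script. Without cmd.exe, nothing in a file name is interpreted as a shell metacharacter, and tshark's stderr and exit code become visible instead of leaving a silent empty file.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Text;

static class PcapToCsv   // hypothetical helper, not from the thread
{
    // Runs tshark directly (no cmd.exe) and streams its stdout into csvPath.
    // Returns tshark's exit code; anything tshark wrote to stderr comes back in 'errors'.
    public static int ConvertPcap(string tsharkPath, string pcapPath, string csvPath, out string errors)
    {
        var psi = new ProcessStartInfo
        {
            FileName = tsharkPath,            // not parsed by a shell, so the space in "Program Files" is fine
            // The capture path is quoted because it may contain spaces; the doubled -E of the question is dropped.
            Arguments = "-n -r \"" + pcapPath + "\" -T fields " +
                        "-e frame.time -e frame.number -e eth.src -e eth.dst " +
                        "-e ip.src -e ip.dst -e ip.proto " +
                        "-E separator=, -E quote=d -E occurrence=f",
            UseShellExecute = false,          // required for stream redirection
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };

        var stderr = new StringBuilder();
        using (var proc = new Process { StartInfo = psi })
        using (var csv = new FileStream(csvPath, FileMode.Create, FileAccess.Write))
        {
            proc.ErrorDataReceived += (s, e) => { if (e.Data != null) stderr.AppendLine(e.Data); };
            proc.Start();
            proc.BeginErrorReadLine();                    // drain stderr asynchronously to avoid a pipe deadlock
            proc.StandardOutput.BaseStream.CopyTo(csv);   // returns once tshark closes stdout
            proc.WaitForExit();                           // also waits for pending stderr events
            errors = stderr.ToString();
            return proc.ExitCode;
        }
    }

    static void Main()
    {
        string err;
        int rc = ConvertPcap(@"C:\Program Files\Wireshark\tshark.exe",
                             @"C:\tmp\S023_TShark_1.pcap", @"C:\tmp\S023_TShark_1.csv", out err);
        Console.WriteLine(rc == 0 ? "CSV written" : "tshark failed (" + rc + "): " + err);
    }
}
```

Inside an SSIS Script Task, call `ConvertPcap` from the task's entry point and set `Dts.TaskResult` to `ScriptResults.Failure` when the return value is non-zero, so a failed conversion fails the package.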