This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Transforming a .pcap file to a text file on Windows 7 using tshark

0

I want to transform a captured sample .pcap file stored on the Windows 7 desktop into a text file on the Windows 7 command line (cmd) using tshark. I tried:

C:>Program Files>Wireshark> tshark -V -r C:\Users\myName\Desktop\WiresharkLog\SynFlood Sample.pcap > C:\Users\myName\Desktop\logcapture.txt

When I hit enter after entering this command, the message on the command line says "access is denied." How do I make sure that I can convert a pcap file source into a text file using tshark commands on Windows 7 cmd?

asked 16 Apr '12, 18:16

misteryuku

edited 24 Jun '12, 23:28


One Answer:

0

Your login name contains spaces, so you might have to quote it on the command line:

tshark -V -r "C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood Sample.pcap" > "C:\Users\Tok Jun Xin\Desktop\logcapture.txt"

answered 16 Apr '12, 23:11

Guy Harris ♦♦

edited 25 Jun '12, 20:32

When I typed that, the Windows 7 command line interface showed this message: tshark: "Sample.pcap" is neither a field or a protocol name. Is there a mistake in the command or is there another problem?

(16 Apr '12, 23:22) misteryuku

Is there a mistake in the command

Yes. What is the pathname of the capture file? Is C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood a directory with a Sample.pcap file in it? If so, the command you want is

tshark -V -r "C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood\Sample.pcap" > "C:\Users\Tok Jun Xin\Desktop\logcapture.txt"
(16 Apr '12, 23:32) Guy Harris ♦♦

Yeah. That is what I meant.

(16 Apr '12, 23:33) misteryuku

OK, I fixed the command line in the answer to reflect the pathname of the capture file being

C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood Sample.pcap

as, when looking at the original question, it looks as if the capture file name is SynFlood Sample.pcap (with a space in the name) and it's in the directory C:\Users\Tok Jun Xin\Desktop\WiresharkLog (with a space in the user name).

(25 Jun '12, 20:33) Guy Harris ♦♦
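
The effect of the quoting discussed in this thread, as an added example that is not part of the original posts: a simplified model of how the command line splits into arguments when paths contain spaces. The helpers `split_args` and `interpret` are hypothetical names; the model assumes whitespace separates arguments except inside double quotes, that `>` takes only the next token as its target, and that tshark treats words left over after its options as a filter expression.

```python
# Simplified model (assumption: escaped quotes and other cmd.exe
# metacharacters are not handled). Sample command lines are built
# from the paths quoted in the thread.
UNQUOTED = (r'tshark -V -r C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood Sample.pcap'
            r' > C:\Users\Tok Jun Xin\Desktop\logcapture.txt')
QUOTED = (r'tshark -V -r "C:\Users\Tok Jun Xin\Desktop\WiresharkLog\SynFlood Sample.pcap"'
          r' > "C:\Users\Tok Jun Xin\Desktop\logcapture.txt"')

def split_args(cmdline):
    """Split on whitespace, except inside double quotes; quotes are dropped."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args

def interpret(cmdline):
    """Return the file given to -r, the leftover words, and the redirect target."""
    tokens = split_args(cmdline)[1:]            # drop the program name
    redirect = None
    if ">" in tokens[:-1]:
        i = tokens.index(">")
        redirect = tokens[i + 1]                # only the next token is the target
        tokens = tokens[:i] + tokens[i + 2:]    # the rest stay with tshark
    read_file, leftover, i = None, [], 0
    while i < len(tokens):
        if tokens[i] == "-r" and i + 1 < len(tokens):
            read_file, i = tokens[i + 1], i + 2
        else:
            if not tokens[i].startswith("-"):
                leftover.append(tokens[i])      # would be parsed as a filter
            i += 1
    return {"read_file": read_file, "leftover": leftover, "redirect": redirect}

if __name__ == "__main__":
    for label, line in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        print(label, interpret(line))
```

In the unquoted form the capture path and the output path are both cut at the first space, and `Sample.pcap` ends up among the leftover words rather than as part of the file name.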