This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to Export the pcap file statistics with csv file format.

0

Hello I'd like to export the pcap ip conversation ststistics to csv file format. I ran the below command But output is not looks like csv format.


'tshark -nr badcase.cap -z conv,ip -q >> aa.csv'

Result

IPv4 Conversations Filter:<no filter=""> | <- | | -> | | Total | Relative | Duration | | Frames Bytes | | Frames Bytes | | Frames Bytes | Start | | 38.123.0.241 <-> 38.120.0.4 2131 381775 4880 702985 2 7011 7411627 0.000000000 46.5388 203.236.39.130 <-> 10.24.20.142 2127 381128 4876 702918 2 7003 7410310 16.775635010 29.7632 211.233.41.229 <-> 10.24.20.142 4 647 4 67 0 8 1317 0.000000000 39.6715


Any way to solve this problem? Thanks

asked 09 Jul '13, 00:54

JasonK's gravatar image

JasonK
11113
accept rate: 0%


One Answer:

4

If you need the data in CSV format, there are (at least) these options:

  • Use the GUI: Statistics -> Conversations -> TCP -> Copy. This will copy the screen content as CSV into the clipboard.
  • Use tshark: tshark will not export the conversation data in CSV format, so you either convert it to CSV with Excel (while importing the data) or use a script (perl, python, watherver) to convert that output to csv.
  • Extend the tshark code to export CSV structured data.

Regards
Kurt

answered 09 Jul '13, 02:53

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 Jul '13, 06:22

Hi Kurk, Thank you for your reply. I fully understand your explanation. and got a further question. Any plan to support the CSV format export feature on tshark? (We have some local project and we need to get the csv format conversation data on cli mode)

Thanks Jason Kim

(09 Jul '13, 17:23) JasonK

as there is no road map for Wireshark, I can't tell you if or when such a feature will be added. If you want to have it, please file an enhancement request at https://bugs.wireshark.org

(10 Jul '13, 00:39) Kurt Knochner ♦

To raise an enhancement request, add an item to the Wireshark Bugzilla for TShark and mark the "Importance" as an enhancement.

Please comment back here with the bug ID for the benefit of other users.

(10 Jul '13, 00:45) grahamb ♦