This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What should I do to transform the captured pcap data into the CSV format including Timestamp, protocol and packet_length?

0

Please help me. Thanks in advance!!!

asked 29 Nov '13, 22:58

Eliza%20Rana's gravatar image

Eliza Rana
11458
accept rate: 0%


One Answer:

2

If you only want the timestamp, protocol and packet length, then one way would be to first configure your columns so that only those columns of interest are shown (done via Edit -> Preferences -> Columns), and then use File -> Export Packet Dissections -> as "CSV" (Comma Separated Values packet summary) file...

answered 30 Nov '13, 11:13

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Thank so much for ur answer. Anyway, I am trying to transform my file "test.pcap" to "test.csv" by using command prompt. Here is what i wrote:

tshark -r "d:\test.pcap" -T fields -e frame.time -e ip.proto -e frame.len -E header=y -E separator=, > "d:\file.csv"

And when i press enter, it said "Access is denied".

So what should i do with this?

(30 Nov '13, 20:50) Eliza Rana
2

It would appear that you don't have write access to d:\. Try it first without redirecting the output to a file to see if the rest of the command works. If so, then you may have to write the file to another location.

By the way, you may need to quote the fields via -E quote=d, since the frame.time field will contain a comma.

(01 Dec '13, 07:06) cmaynard ♦♦

Really thanks for your help, cmaynard. I will try like you told me.

(01 Dec '13, 18:17) Eliza Rana

Hi cmaynard. I had followed you and the other commands really work. But, when I changed the location file to drive C, it still says Access is denied. So what should I do in order to create this csv file? Please help me...Now I am using Windows 7.

(01 Dec '13, 18:26) Eliza Rana

if you're getting the correct output but just can't redirect it to a file due to the "Access is denied" problem, then it would seem that you don't have write access to that location either. Find a drive/directory location where echo "Hello World!" > hello.txt works and likely the redirection of the tshark output will work as well.

(01 Dec '13, 18:56) cmaynard ♦♦

I don't really understand this. Could you explain in more details please?

(01 Dec '13, 19:15) Eliza Rana

I think maybe I had a problem with using cmd command prompt. When I first opened it, It appears: C:\Users\Teang

(01 Dec '13, 19:20) Eliza Rana
1

So then the installation directory where tshark.exe resides, most likely C:\Program Files\Wireshark apparently isn't in your PATH. This means you'll have to specify the full path yourself or add the location to the PATH if you want to run tshark.exe without specifying the full path. Either that, or you'll have to change to that directory but then you'll still have to remember to redirect output to a directory in which you have write access.

(01 Dec '13, 19:26) cmaynard ♦♦

So you mean I must use tshark command by running the tshark.exe?

(01 Dec '13, 19:33) Eliza Rana

Could you please tell me how to do this cmaynard? I am really new to Wireshark, and I really need your help right now.

(01 Dec '13, 19:38) Eliza Rana

Either tshark or tshark.exe will work, but on Windows, the executable is tshark.exe, so that's how I document/describe it. You can type tshark if you want though.

(01 Dec '13, 19:39) cmaynard ♦♦

Thanks cmaynard. Now I can get the csv file...:)

(01 Dec '13, 19:44) Eliza Rana
showing 5 of 12 show 7 more comments