Hi, I have a traffic sample in pcap format, I want to export the data as txt and csv files. Here is the code which I am using: for CSV: tshark -Y "ip" -r a.pcap -T fields -e frame.number -e ip.proto -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len -e frame.time_delta -e tcp.flags -e frame.time -e frame.time_relative -E header=y -E separator=";" > a.csv for Text file: tshark -Y "ip" -o column.format:'"No.","%m", "full time", "%Yt","src ip", "%us","des ip","%ud", "lenght", "%L",”transfered byte","%B","protocol","%p","srcmac","%uhs","destmac","%uhd","sourceport", "%uS", "destport", "%uD", "Info", "%i"' -r a.pcap > a.txt But as the traffic sample have 5 million packets and I need specific number of packets, can i import the packets detail for example from packet 1,234,567 to 4,567,567 ? How is it possible? Thanks in advance. asked 17 Dec '13, 05:15  Payam365 |
One Answer:
The -Y filter could be enhanced to -Y "ip and frame.number gt xxx and frame.number lt yyy" Is this what you were looking for ? answered 17 Dec '13, 07:54  mrEEde |
yes, thanks
Don't forget to 'accept' the answer to mark it as closed, thanks