|
Hi, I have a traffic sample in pcap format, I want to export the data as txt and csv files. Here is the code which I am using: for CSV: tshark -Y "ip" -r a.pcap -T fields -e frame.number -e ip.proto -e ip.src -e tcp.srcport -e udp.srcport -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len -e frame.time_delta -e tcp.flags -e frame.time -e frame.time_relative -E header=y -E separator=";" > a.csv for Text file: tshark -Y "ip" -o column.format:'"No.","%m", "full time", "%Yt","src ip", "%us","des ip","%ud", "lenght", "%L",ā€¯transfered byte","%B","protocol","%p","srcmac","%uhs","destmac","%uhd","sourceport", "%uS", "destport", "%uD", "Info", "%i"' -r a.pcap > a.txt But as the traffic sample have 5 million packets and I need specific number of packets, can i import the packets detail for example from packet 1,234,567 to 4,567,567 ? How is it possible? Thanks in advance. |
This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.
Follow this question
By Email:Once you sign in you will be able to subscribe for any updates here
By RSS:Markdown Basics
- *italic* or _italic_
- **bold** or __bold__
- link:[text](http://url.com/ "title")
- image?
- numbered list: 1. Foo 2. Bar
- to add a line break simply add two spaces to where you would like the new line to be.
- basic HTML tags are also supported
You have a trillion packets.
You need to see four of them.
Riverbed Technology lets you seamlessly move between packets and flows for comprehensive monitoring, analysis and troubleshooting.
Riverbed is Wireshark's primary sponsor and provides our funding.
Question tags:
question asked: 17 Dec '13, 05:15
question was seen: 2,626 times
last updated: 17 Dec '13, 22:17
Related questions
powered by OSQA
