I already found a post that does this, but in Windows, and I'd like to make the same for Linux, but I'm kind of a newbie when it comes to the shell environment. I'd like it to work on .gz files, more than .cap files, as the Windows topic suggests. Could someone hint me on how to do this?

http://ask.wireshark.org/questions/12799/how-to-convert-multiple-pcap-files-to-csv

That is the Windows topic for it.
Although this is not exactly a Wireshark question, I'm going to answer it, as I answered the other questions as well. So, here we go.

```bash
#!/bin/bash

# please change the path names if necessary
cap_files='/tmp/*.pcap.gz'
outfile='/tmp/outfile.csv'
# mktemp creates a private, unpredictable temp file instead of a fixed name in /tmp
tmpfile=$(mktemp /tmp/tmp_file.XXXXXX) || exit 1

tshark_cmd='tshark'
tshark_options='-n -T fields -E separator=, -e frame.time -e ip.src -e ip.dst -e ip.proto -e tcp.port -e tcp.analysis.ack_rtt'

# $cap_files is left unquoted on purpose so the shell expands the glob
for file in $cap_files
do
    # skip the literal pattern when no file matches
    [ -e "$file" ] || continue
    echo "processing file: $file"
    gunzip -c "$file" > "$tmpfile"
    echo "== File: $file" >> "$outfile"
    # $tshark_options is left unquoted on purpose so it splits into separate arguments
    $tshark_cmd -r "$tmpfile" $tshark_options >> "$outfile"
done

rm -f "$tmpfile"
echo "Results in: $outfile ... Cheers Kurt"
```

This is just a small (working) example. Please modify it to your needs.

However, if you need further help with shell scripting, I suggest asking the people at http://stackoverflow.com/ or http://superuser.com/

Regards