This is a static archive of our old Q&A Site. Please post any new questions and answers at

Converting multiple pcap files to csv


I already found a post that does this, but in windows, and I'd like to make the same for linux, but I'm kind of a newbie when it comes to the shell environment. I'd like it to work on .gz files, more than .cap files, as the windows topic suggests.

Could someone hint me on how to do this?

That is the windows topic for it.

asked 02 Jan '14, 19:14

twolf's gravatar image

accept rate: 0%

edited 03 Jan '14, 05:21

One Answer:


Although this is not exactly a Wireshark question, I'm going to answer it, as I answered the other questions as well.

So, here we go.


please change the path names if necessary


outfile='/tmp/outfile.csv' tmpfile='/tmp/tmp_file.pcap'

tshark_cmd='tshark' tshark_options='-n -T fields -E separator=, -e frame.time -e ip.src -e ip.dst -e ip.proto -e tcp.port -e tcp.analysis.ack_rtt'

for file in $cap_files do echo "processing file: $file" gunzip -c $file > $tmpfile echo "== File: $file" >> $outfile $tshark_cmd -r $tmpfile $tshark_options >> $outfile done rm $tmpfile

echo "Results in: $outfile … Cheers Kurt"

This is just a small (working) example. Please modify it to your needs. However if you need further help with shell scripting, I suggest to ask the people at or


answered 09 Jan ‘14, 09:40

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%