Hi, I have a pcap file and I am developing a web application where the user will upload a pcap file and then click on a Process button. Now I want to process that pcap file and INSERT/add all the data of the pcap file into a SQL Server database. So how can I do this? I have tried to INSERT the data of the pcap file, but the data was not added in a readable format :-( So now I want to know the name of a method to which I will pass that pcap file and which will return a file in CSV format. Then it will be very simple to pass that file to SQL Server and the data will be inserted into a database table. Thanks in advance, I am a newbie over here :-)

asked 23 Mar '16, 03:31 rabeeljaved
2 Answers:
Following is the command to convert a pCap file to csv format:
Where Here is the final command of TShark to convert pCap file to CSV file format:
Now we have the pCap file in CSV format, so it is now possible to Insert/Add this in a SQL Server database table.

Note: Initiate an object of Process in your C# class, provide the path of cmd and pass the above command line; that will launch Tshark.exe, run the provided command and give us the output file at C:\output.csv. Now we can pick this file path and do what we want to do with this file, like Insert in a database table etc...

answered 29 Mar '16, 03:18 rabeeljaved
Note that there are already quite a few existing questions on this site regarding CSV output, have you looked at those?

tshark is the command line application in the wireshark suite that will read a pcap file and return the text version of the dissection of the traffic in the file. The input file is specified with a To produce output in csv format you'll need to use the Because you have to specify the required fields for "CSV" output, you may find it easier to process XML output, in this case use

answered 23 Mar '16, 04:28 grahamb ♦ edited 23 Mar '16, 04:29
thanks @grahamb
But is there any way to convert a pcap file to csv through a C# code/method instead of opening the pcap file in Wireshark and converting it into csv, or converting through the command line....??? So here's the thing, I want to upload the file through an ASP.NET Web-Form application, after that I want to process that file and convert that file into csv??
I don't want to use command line kind of thing... :-(
Do you want dissected traffic, i.e. similar to that which the Wireshark GUI displays in the packet detail list, or do you simply want the pcap headers for each frame and the raw frame data?
A pcap file contains some headers and then the raw frame data.
If you want dissected traffic, then you'll need to use some form of dissection library, which is what tshark provides.
If you just want the raw frame data, then a .net library that can handle pcap files may suffice, a quick Google search turned up pcap.net and sharpcap. I have no idea how well these work, or if they can output in csv and in sufficient detail for your purposes.
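The file layout described in the last comment (some headers, then the raw frame data), as an added example that is not part of the thread or of any library named in it: a Python reader that turns a classic pcap file into CSV rows without dissection, validating every length because the file comes from a user upload. It is written in Python rather than C#, handles only the classic pcap format (not pcapng), and the `MAX_FRAME` bound, the column names and the `SAMPLE` bytes are assumptions constructed for illustration.

```python
import csv
import io
import struct

# Magic values as seen when the first 4 bytes are read little-endian:
# (byte order of the file, digits in the sub-second timestamp field)
MAGICS = {
    0xA1B2C3D4: ("<", 6),  # little-endian file, microseconds
    0xD4C3B2A1: (">", 6),  # big-endian file, microseconds
    0xA1B23C4D: ("<", 9),  # little-endian file, nanoseconds
    0x4D3CB2A1: (">", 9),  # big-endian file, nanoseconds
}
MAX_FRAME = 262144  # assumed upper bound for one captured frame


def pcap_to_rows(data):
    """Return (linktype, rows) for a classic pcap file held in bytes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, digits = MAGICS[magic]
    # version major/minor, thiszone, sigfigs, snaplen, link-layer type
    _, _, _, _, snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    limit = min(snaplen, MAX_FRAME) if snaplen else MAX_FRAME
    rows, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header")
        sec, sub, incl, orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        # Never trust the declared length: check it against limit and file size.
        if incl > limit or incl > len(data) - off:
            raise ValueError("record length exceeds limit or file size")
        ts = f"{sec}.{sub:0{digits}d}"
        rows.append([len(rows) + 1, ts, incl, orig, data[off:off + incl].hex()])
        off += incl
    return linktype, rows


def rows_to_csv(rows):
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["frame", "timestamp", "captured_len", "original_len", "raw_hex"])
    writer.writerows(rows)
    return out.getvalue()


# Constructed sample: global header plus one 4-byte frame, linktype 1 (Ethernet).
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 1458700000, 250, 4, 60) + b"\xde\xad\xbe\xef")
```

This gives only the per-frame pcap headers and raw bytes; protocol fields such as addresses or ports still require a dissector.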