This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

extract from pcap to csv using tshark

0

I want to convert the normal.pcap file to a CSV file, but I get:

C:\Program Files\Wireshark>tshark -r normal.pcap -T fields -e frame.number -e frame.time -e eth.src -e eth.dst -e ip.src -e ip.dst -e ip.proto -E header=y -E separator=, -E quote=d -E occurrence=f > test.csv
Accès refusé.

What is the problem here?

Thanks in advance.

asked 10 May '16, 13:22

Khadidja Kha...
accept rate: 0%

edited 10 May '16, 14:19

sindy

Thanks for all your responses, it works perfectly :)

(10 May '16, 14:01) Khadidja Kha...
1

The idea of this site is that only answers to the original Question are posted as Answers; therefore, I've converted what you've posted as an Answer into a comment.

Another idea of this site is that the one who asked the Question marks the Answer which suited him best as "Accepted", which helps others who come with the same or similar question to choose from those similar Questions to which a useful Answer exists.

What this site does not anticipate is that you get several identical answers in parallel (nor that you ask the same thing in two distinct Questions). So please randomly choose one Answer here and mark it as Accepted (using the checkmark icon, not the thumbs up one), and also accept @Christian_R's Answer to your other Question.

Cheers.

(10 May '16, 14:08) sindy

I am a newbie on this site, so thanks a lot for your advice ^^

(10 May '16, 14:31) Khadidja Kha...

2 Answers:

2

If you are logged in as a normal user (no admin rights), Windows will not let you write anything into C:\Program Files or any of its sub-directories. So please modify the destination file name to c:\Users\your_user_name\Documents\test.csv and try again.

My qualified guess is that the reason why it worked for @Jasper was that he was (exceptionally) logged in using an account with administrator rights.

answered 10 May '16, 13:48

sindy
accept rate: 24%

No, it worked for me because I have the Wireshark installation directory in my path variable and ran tshark in my D:\Work\Traces directory :-)

So I overlooked that I didn't use the same directory, and that it was the problem.

(10 May '16, 13:51) Jasper ♦♦

I just love to send an answer and find out that an identical one has already been posted twice in the meantime :-)

(10 May '16, 13:55) sindy

1

I just tried your command and it works fine for me. Maybe test.csv already existed and was open/locked by another program?

answered 10 May '16, 13:27

Jasper ♦♦
accept rate: 18%

Thanks for your response. There is no test.csv file in the C:\Program Files\Wireshark directory, and it still does not work.

(10 May '16, 13:36) Khadidja Kha...
1

Try redirecting the output to C:\some\place\you\have\permission\to\write\to\test.csv.

(10 May '16, 13:38) cmaynard ♦♦
1

Oh, you're doing it in the "C:\Program Files" path? Windows does not allow you to write files there without an elevated command prompt (which you should not use).

Try writing the file to a location where you are allowed to create files, e.g. your Desktop.

(10 May '16, 13:40) Jasper ♦♦
1

Because C:\Program Files\Wireshark isn't writable without elevated permission.

(10 May '16, 13:40) grahamb ♦
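
The fix the answers above describe, as an added PowerShell example that was not posted by anyone in this thread: it probes whether the current directory is writable, falls back to the Documents folder if not, and runs the question's tshark field list with the CSV written there. Assumptions: tshark.exe is on PATH or in the default C:\Program Files\Wireshark location, normal.pcap is in the current directory, and Test-DirWritable is a helper name made up for this example.

```powershell
# Added example, not from the thread. Test-DirWritable is a hypothetical helper.
function Test-DirWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Probe by creating and deleting a file: this is what the redirect would do.
    $probe = Join-Path $Path ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false   # e.g. a non-elevated user inside C:\Program Files
    }
}

# Reading the capture from a protected directory is fine; only writing is denied.
$pcap = (Resolve-Path -LiteralPath '.\normal.pcap' -ErrorAction Stop).Path

# Prefer the current directory, otherwise use the user's Documents folder.
$outDir = (Get-Location).Path
if (-not (Test-DirWritable -Path $outDir)) {
    $outDir = [Environment]::GetFolderPath('MyDocuments')
}
$csv = Join-Path $outDir 'test.csv'

# Assumption: tshark is on PATH or in the default install directory.
$cmd = Get-Command tshark.exe -ErrorAction SilentlyContinue
$tshark = if ($cmd) { $cmd.Path } else { Join-Path $env:ProgramFiles 'Wireshark\tshark.exe' }

# Same fields and -E options as the command in the question.
$fields = 'frame.number', 'frame.time', 'eth.src', 'eth.dst', 'ip.src', 'ip.dst', 'ip.proto'
$tsharkArgs = @('-r', $pcap, '-T', 'fields') +
    ($fields | ForEach-Object { '-e', $_ }) +
    @('-E', 'header=y', '-E', 'separator=,', '-E', 'quote=d', '-E', 'occurrence=f')

# Out-File with an explicit encoding: a plain ">" in Windows PowerShell 5.1
# writes UTF-16, which many CSV consumers do not expect.
& $tshark @tsharkArgs | Out-File -FilePath $csv -Encoding utf8
if ($LASTEXITCODE -ne 0) { throw "tshark exited with code $LASTEXITCODE" }
Write-Host "Wrote $csv"
```

The `separator=,` option is passed as a quoted string because an unquoted comma is PowerShell's array operator.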