This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Convert large (60+ GB) Wireshark dataset to csv

0

Hi, I am trying to convert a large dataset to CSV for analysis with statistics tools. My problem:

- Can't open the dataset in Wireshark on Windows
- Program crashes after 12+ hrs of loading
- Can't convert via tshark because the process is extremely slow and crashed my computer after 20+ hrs

I observed that using the tshark option the process does not use 100% of CPU and/or disk, though it uses 100% of memory. Is there any "easy" form to convert?

Thanks a lot in advance

asked 07 Jun '17, 14:29

Kjeld


One Answer:

0

Both Wireshark and tshark are not made to handle this amount in a single file. The tracking of TCP sessions, protocol dependencies and symptoms eats up all the memory after a while.

Maybe you can run your CSV export from partial files? In that case you can use editcap (CLI tool installed with Wireshark) to cut the big file into smaller files using the -c parameter. If that's not possible you should tell us more about what kind of export you're trying to accomplish.

answered 07 Jun '17, 14:40

Jasper ♦♦

Great, thanks Jasper, will try that!

(07 Jun '17, 14:41) Kjeld
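
The split-then-export approach from the answer above, as an added example that is not part of the original thread: editcap -c cuts the capture into fixed-size pieces and tshark exports each piece into one CSV file. The field list, the chunk size and the function names are assumptions, since the question does not say which columns are needed.

```shell
#!/bin/sh
# Added example (not from the thread): split with editcap -c, export each
# piece with tshark, append everything to a single CSV file.
FIELDS="frame.time_epoch ip.src ip.dst ip.proto frame.len"  # assumed columns
CHUNK_PACKETS=1000000                                       # assumed chunk size

# export_chunk FILE y|n : write one chunk to stdout as CSV, header optional
export_chunk() {
    file=$1; want_header=$2
    set -- -r "$file" -n -T fields -E separator=, -E quote=d \
           -E "header=$want_header"
    for f in $FIELDS; do set -- "$@" -e "$f"; done
    tshark "$@"
}

# pcap_to_csv INPUT OUTPUT : hypothetical helper tying both steps together
pcap_to_csv() {
    src=$1; dst=$2
    workdir=$(mktemp -d) || return 1
    # editcap writes chunk_00000_<timestamp>.pcap, chunk_00001_..., in order
    if ! editcap -c "$CHUNK_PACKETS" "$src" "$workdir/chunk.pcap"; then
        rm -rf "$workdir"; return 1
    fi
    header=y
    : > "$dst"
    for chunk in "$workdir"/chunk_*; do
        [ -e "$chunk" ] || continue
        if ! export_chunk "$chunk" "$header" >> "$dst"; then
            rm -rf "$workdir"; return 1
        fi
        header=n         # column names come from the first chunk only
        rm -f "$chunk"   # remove each piece once it has been exported
    done
    rm -rf "$workdir"
}

# Run as: sh pcap_to_csv.sh big.pcap out.csv
if [ "$#" -eq 2 ]; then
    pcap_to_csv "$1" "$2"
fi
```

Each tshark run starts with empty state, so frame numbers and tcp.stream indexes restart in every chunk; key later analysis on the timestamp rather than on those counters.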