This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t export mac address as CSV

0

I am trying to use Tshark to analyze network traffic to find probe requests on a wifi card in monitor mode. I would like to use tshark to analyze traffic than output the data into a csv file. I can capture the data in real time with:

tshark -i wlan1 -f "type mgt subtype probe-req"

but if i try and use:

-i wlan1 -f "type mgt subtype probe-req" -T fields -e frame.number -e wlan.sa ...(every mac/ip filter i could find) -E separator=,

all i get is the frame number. Am i using the -T field/-e fields commands wrong or am i missing something?

asked 11 Jul '17, 10:32

20weegweeg's gravatar image

20weegweeg
6112
accept rate: 0%

edited 11 Jul '17, 10:54

sindy's gravatar image

sindy
6.0k4851

Do you experience the same issue if you use

tshark -i wlan1 -f "type mgt subtype probe-req" -w my_file

tshark -r my_file -T fields -e frame.number -e wlan.sa -E separator=,

?

(11 Jul ‘17, 10:58) sindy

One Answer:

0

What version of Wireshark is this?

./tshark -i en0 -I -T fields -e frame.number -e wlan.sa -f "type mgt subtype probe-req" -E separator=,

printed

1,{MAC address 1}
2,{MAC address 1}
3,{MAC address 1}
4,{MAC address 2}
5,{MAC address 2}

on my MacBook Pro with a build from a recent checkout of the master branch.

answered 11 Jul '17, 18:54

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

I installed the latest build and now it works, thanks for the help

(12 Jul '17, 07:04) 20weegweeg