Reputation: 8787
Getting particular information out of pcap files
I am interested in particular information in the .pcap (Frame control field). I want to extract it to a text file and then do graph plotting using the extracted data. I can do export to text file using wireshark but I am looking for automating the process.
As of now I know that Tshark can be used to convert .pcap to text files but then it outputs the whole packet. Instead I am interested in only one particular information.
Is there some nice way to do this.
Upvotes: 0
Views: 642
Answers (1)
Reputation: 1001
Is there some nice way to do this.
Could be.
If the field you wish to extract has a filter, the you can use tshark to output just that field using the -T and -e switches;
tshark -Tfields -e tcp.port -r ....
See tshark -h for details...
To use wireshark to see the name for a field, click on the field in the details pane and then note the field name shown in the bottom status bar.
Which field(s) specifically do you want ? from what protocol ?
Upvotes: 2
Related Questions
- How do I extract all the features from a pcap file using Wireshark?
- Extracting PCAP using Tshark
- Extracting packet details in c#
- How to use libpcap to parse pcap file.
- Parsing pcap taken from wireshark file using - Java
- Extracting packet details using jnetpcap library
- Find data transfered by wireshark on pcap file
- how to extract data from pcap file
- How to extract the "info" field from a pcap file?
- How to extract full set of features from an existing pcap file using tshark or any other tool?