How can I convert a pcap into CSV using python

Question

I need to convert a pcap file that I have on my drive into a csv file using python code ( I know how to do it using wireshark UI ) but I need to do it throught a python code,

I already tried this code:

import os
os.system("tshark -r mirai.pcap -T fields -e ip.src -e frame.len -e     ip.proto -E separatorr=, -E occurrence=f > traffic.csv")

I get a result file but it's empty one.

Can anyone help me please.

Answer 1

You can use tshark and Python to automate this.

import os

for file in os.listdir('/path/to/pcap/files/'):
    output_csv = file + '.csv'
    os.system(f"tshark -N n -r ./test/{file} -T fields -e frame.number -e _ws.col.Time -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -e _ws.col.Length -e _ws.col.Info -E header=y -E separator=, > {output_csv}")
    

The reason why u didn't get an empty csv is that you haven't install tshark to be available to your CLI. in Linux. try apt-install tshark, In windows , you have to install Wireshark then set the environment variable to the installation folder to make tshark activated to your Command prompt.

Answer 2

I did it in the following manner using subprocess:

import subprocess

with open('/path/to/csv_file.csv','w') as f:
    subprocess.run("tshark -r /path/to/pcap_file.pcap -T fields
    -e frame.number -e ip.src -e ip.dst 
    -E header=y -E separator=/t".split(), stdout =f)

The stdout gets written to '/path/to/csv_file.csv'

Answer 3

This is an easiest way to do it (in my opinion)

os.system ('tshark -r'+in_file +'>'+ out_file +'.txt')

where

in_file = <name of your pcap file>
out_file = <name of your output file>

PS: Tested on python 3 only

Answer 4

It got it to work when I changed to command to:

os.system("tshark -r mirai.pcap -T fields -e ip.src -e frame.len -e     ip.proto -E separator=, -E occurrence=f > traffic.csv")

that is changing separatorr to separator.

Usually I use package pyshark (https://pypi.org/project/pyshark/) to process my pcap files in python.