Reputation: 1318
Exporting all fields in pcap files into the csv in python
I want to convert a pcap file into the csv using the python code; but the problem is I should specify precisely what fields to be exported using the tshark library. I want to export all fields. when I dont specify the fields, blank file is exported. the sample code is presented below:
tshark -r /root to the file/test1.pcap -T fields -e ip.src > test1.csv
I want to remove the special fields to export ALL fields; then accessing the fields in python (using a library like pandas in dictionary format like df["Source"])
Any help appreciated!
Upvotes: 3
Views: 713
Answers (1)
Reputation: 1324
I want to remove the special fields to export ALL fields;
This is not possible with the CSV (fields) format
$tshark -r trace.pcap -T fields
tshark: "-Tfields" was specified, but no fields were specified with "-e".
An alternative solution is to use one of the JSON formats (-T ek|json|jsonraw) or the XML format (-T pdml).
then accessing the fields in python (using a library like pandas in dictionary format like df["Source"])
In python you could parse the JSON using json.lodas() and get a dictionary. See https://www.w3schools.com/python/python_json.asp
Upvotes: 2
Related Questions
- creating a pcap file using python
- Wireshark PCAP file to csv
- Get all ips in PCAP file
- reading Pcap and writing it to csv file python
- Using Python to Read and Print Out a PCAP
- Convert all pcap file to csv with required columns python
- Tshark - Export packet info from pcap to cvs
- Parsing one field of PCAP file into a column in Python
- Accessing the data field in a pcap dump file in python
- Python - export fields to a CSV