multiple pcap files to csv


I am trying to convert pcap files to CSV for all files in a folder using Python. My code gives me neither an error nor any output. Actually, I can do it with the tshark command line, but I wanted to try it in Python. By the way, I am new to Python.

Here's my code:

import os
import glob
file_path='path/to/pcap/files'
def create_csv(filename):
    x=f'tshark -r {filename} -Y sip -T fields -e ip.src -e ip.dst -e sip.From -e sip.to -E header=y -E separator=, > {filename}.csv '
    print(x)
    os.system(x)

for filename in glob.glob(file_path + '*.pcap'):
    create_csv(filename)

1

There are 1 answers

0
RaiZy_Style On BEST ANSWER

First of all, make sure that the common issues below are valid for you.

Common mistakes:

  1. Make sure that your pcap file is indeed a pcap file. Wireshark saves by default in the .pcapng format.
    ls -alF path/to/pcap/files

  2. Make sure that your program is fetching those files. You can use a print like so:

for filename in glob.glob(file_path + '*.pcap'):
    print(f"Current file is : {filename}")
    create_csv(filename)

  3. Make sure tshark is installed (apt install tshark on Linux).
  4. You might need to provide the full path of the tshark executable, depending on whether you have tshark in your $PATH.

Solution:

import os
import glob
file_path='path/to/pcap/files/'
def create_csv(filename):
    # Typo in -e sip.to. Should be -e sip.To
    x=f'tshark -r {filename} -Y sip -T fields -e ip.src -e ip.dst -e sip.From -e sip.to -E header=y -E separator=, > {filename}.csv ' # Will not work 
    x=f'tshark -r {filename} -Y sip -T fields -e ip.src -e ip.dst -e sip.From -e sip.To -E header=y -E separator=, > {filename}.csv ' # Correct line
    print(x)
    os.system(x)

for filename in glob.glob(file_path + '*.pcap'):
    print(f"Current file is : {filename}")
    create_csv(filename)

Check if the solution is working:

  1. Does it print every pcap file in the given path?
  2. Does it print the tshark command?
  3. Can you copy and paste the printed tshark command into a new shell (NOT THE VSCODE SHELL)? Does the command work?
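
A variant of the same conversion that does not go through a shell, added here as an example (it is not the answerer's code): the capture file name is passed to tshark as a single argument, so names containing spaces or shell metacharacters cannot change the command, and Python opens the CSV itself instead of using `>`. The function names `find_captures`, `build_tshark_argv` and `convert_folder` are made up for this example; it also picks up `.pcapng` files and skips the `.pcap.csv` outputs of earlier runs.

```python
import shutil
import subprocess
import sys
from pathlib import Path

# Same display filter and fields as the corrected command in the answer.
FIELDS = ["ip.src", "ip.dst", "sip.From", "sip.To"]


def find_captures(folder):
    """Return the .pcap and .pcapng files in folder, sorted by name."""
    # Path.glob joins pattern and directory, so a missing trailing slash
    # cannot produce a pattern like "files*.pcap" that matches nothing.
    return sorted(p for p in Path(folder).glob("*.pcap*")
                  if p.suffix in (".pcap", ".pcapng"))


def build_tshark_argv(pcap, tshark="tshark"):
    """Build the tshark call as an argument list (no shell parsing)."""
    argv = [tshark, "-r", str(pcap), "-Y", "sip", "-T", "fields"]
    for field in FIELDS:
        argv += ["-e", field]
    return argv + ["-E", "header=y", "-E", "separator=,"]


def convert_folder(folder):
    """Write <capture>.csv next to each capture; return the CSV paths."""
    tshark = shutil.which("tshark")
    if tshark is None:
        raise FileNotFoundError("tshark not found in PATH")
    written = []
    for pcap in find_captures(folder):
        csv_path = pcap.with_name(pcap.name + ".csv")
        # Python opens the output file, replacing the shell's "> file".
        with open(csv_path, "wb") as out:
            result = subprocess.run(build_tshark_argv(pcap, tshark),
                                    stdout=out, stderr=subprocess.PIPE)
        if result.returncode != 0:
            sys.stderr.write(f"{pcap}: {result.stderr.decode(errors='replace')}")
            continue
        written.append(csv_path)
    return written


if __name__ == "__main__":
    # Default is the placeholder folder from the question.
    folder = sys.argv[1] if len(sys.argv) > 1 else "path/to/pcap/files"
    for path in convert_folder(folder):
        print(f"wrote {path}")
```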