2
votes

I want to convert a pcap file into the csv using the python code; but the problem is I should specify precisely what fields to be exported using the tshark library. I want to export all fields. when I dont specify the fields, blank file is exported. the sample code is presented below:

tshark -r /root to the file/test1.pcap -T fields -e ip.src > test1.csv

I want to remove the special fields to export ALL fields; then accessing the fields in python (using a library like pandas in dictionary format like df["Source"])

Any help appreciated!

1

1 Answers

1
votes

I want to remove the special fields to export ALL fields;

This is not possible with the CSV (fields) format

$tshark -r trace.pcap -T fields
tshark: "-Tfields" was specified, but no fields were specified with "-e".

An alternative solution is to use one of the JSON formats (-T ek|json|jsonraw) or the XML format (-T pdml).

then accessing the fields in python (using a library like pandas in dictionary format like df["Source"])

In python you could parse the JSON using json.lodas() and get a dictionary. See https://www.w3schools.com/python/python_json.asp