3

I need to convert a pcap file that I have on my drive into a csv file using Python code (I know how to do it using the Wireshark UI), but I need to do it through Python code.

I already tried this code:

import os
os.system("tshark -r mirai.pcap -T fields -e ip.src -e frame.len -e     ip.proto -E separatorr=, -E occurrence=f > traffic.csv")

I get a result file, but it's an empty one.

Can anyone help me, please?

M.Bou

4 Answers

0

I got it to work when I changed the command to:

os.system("tshark -r mirai.pcap -T fields -e ip.src -e frame.len -e     ip.proto -E separator=, -E occurrence=f > traffic.csv")

That is, changing separatorr to separator.

Usually I use the pyshark package (https://pypi.org/project/pyshark/) to process my pcap files in Python.

  • I corrected separator but I'm still getting an empty csv. Could you please explain to me more how to do the exporting using pyshark in Python? – M.Bou Aug 02 '19 at 13:37
0

This is the easiest way to do it (in my opinion):

import os
os.system('tshark -r ' + in_file + ' > ' + out_file + '.txt')

where

in_file = <name of your pcap file>
out_file = <name of your output file>

PS: Tested on Python 3 only

Dishin H Goyani
whiteheart
0

I did it in the following manner using subprocess:

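import subprocess

# Pass tshark its arguments as a list, so no shell is involved
cmd = ["tshark", "-r", "/path/to/pcap_file.pcap", "-T", "fields",
       "-e", "frame.number", "-e", "ip.src", "-e", "ip.dst",
       "-E", "header=y", "-E", "separator=/t"]  # /t is tshark's notation for a tab

with open('/path/to/csv_file.csv', 'w') as f:
    subprocess.run(cmd, stdout=f)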

The stdout gets written to '/path/to/csv_file.csv'

paradocslover
0

You can use tshark and Python to automate this.

import os

pcap_dir = '/path/to/pcap/files/'

for file in os.listdir(pcap_dir):
    # Read each capture from the same directory that is being listed
    pcap_path = os.path.join(pcap_dir, file)
    output_csv = file + '.csv'
    os.system(f"tshark -N n -r {pcap_path} -T fields -e frame.number -e _ws.col.Time -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Protocol -e _ws.col.Length -e _ws.col.Info -E header=y -E separator=, > {output_csv}")

The reason why you didn't get an empty csv is that you haven't installed tshark to be available to your CLI. In Linux, try apt-install tshark. In Windows, you have to install Wireshark, then set the environment variable to the installation folder to make tshark activated in your Command Prompt.
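An added example, not code from any of the answers above: with `os.system("tshark ... > traffic.csv")` the shell creates the output file before tshark runs, so a missing tshark or a rejected option leaves an empty CSV and no Python error. The sketch below passes an argument list without a shell and raises on failure; the function names and `DEFAULT_FIELDS` are illustrative, and tshark's whole output is held in memory, which assumes captures of moderate size.

```python
import shutil
import subprocess
from pathlib import Path

# Field names taken from the command in the question
DEFAULT_FIELDS = ("ip.src", "frame.len", "ip.proto")


def build_tshark_cmd(pcap_path, fields=DEFAULT_FIELDS, tshark="tshark"):
    """Return the tshark argv as a list; no shell ever parses the file name."""
    cmd = [tshark, "-r", str(pcap_path), "-T", "fields"]
    for field in fields:
        cmd += ["-e", field]
    cmd += ["-E", "header=y", "-E", "separator=,", "-E", "occurrence=f"]
    return cmd


def pcap_to_csv(pcap_path, csv_path, fields=DEFAULT_FIELDS, tshark="tshark"):
    """Convert one capture to CSV; raise instead of leaving an empty file."""
    exe = shutil.which(tshark)
    if exe is None:
        raise FileNotFoundError(f"{tshark} is not on PATH")
    # Capture the output first so a failed run never creates or truncates csv_path
    result = subprocess.run(build_tshark_cmd(pcap_path, fields, exe),
                            capture_output=True, text=True)
    if result.returncode != 0:
        raise RuntimeError(
            f"tshark exited {result.returncode}: {result.stderr.strip()}")
    Path(csv_path).write_text(result.stdout)
    return len(result.stdout.splitlines()) - 1  # data rows, header excluded


def convert_directory(pcap_dir, out_dir):
    """Convert every .pcap in pcap_dir; returns {file name: row count}."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    return {p.name: pcap_to_csv(p, out / (p.stem + ".csv"))
            for p in sorted(Path(pcap_dir).glob("*.pcap"))}
```

A row count of 0 from `pcap_to_csv` means tshark ran successfully but no packet produced output, which is a different condition from the tool failing.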