I've captured a few days' worth of tcpdump data from a simulated network and I am trying to just extract the frame number, timestamp, destination address, destination port, protocol, frame length and payload from the generated file into a CSV file (using | as a unique separator instead).
I've managed to extract all but the payload using one tshark command:
'tshark -r file.pcap -T fields -E separator=| -e frame.number -e frame.time etc... > ~/Logs/output1.txt'
And the payload with a packet summary using a separate tshark command:
'tshark -r file.pcap -Px > ~/Logs/output2.txt'
The -x option prints the payload but I'm unsure how to get it to work with the first command.
The second command prints most of the required fields with the -P option but only in a space-separated form.
Any thoughts?
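One way to join the two outputs described above, as an added example that is not part of the original post: it parses the `-Px` hex dump per frame and appends the bytes, hex-encoded, to the matching `|`-separated row by frame number. Note that `-x` dumps the whole frame (headers included), not only the application payload. Assumptions: tshark's default summary columns (frame number first, then relative time), 16 bytes per dump row, and constructed sample data; `parse_px` and `merge` are hypothetical helper names.

```python
import re

HEX_LINE = re.compile(r"^[0-9a-f]{4}  [0-9a-f]{2}( |$)")  # offset, then a byte
SUMMARY = re.compile(r"^\s*(\d+)\s+\d+\.\d+\s")            # frame no., rel. time

def parse_px(text):
    """Map frame number -> frame bytes from `tshark -Px` text output."""
    frames, current, skip = {}, None, False
    for line in text.splitlines():
        if HEX_LINE.match(line):
            if current is None:
                continue
            if line.startswith("0000") and frames[current]:
                skip = True  # a second dump (e.g. reassembled data): ignore it
            if not skip:
                # Fixed-width slice: the ASCII column can itself look like hex.
                frames[current] += bytes.fromhex(line[6:54])
        elif (m := SUMMARY.match(line)):
            current, skip = int(m.group(1)), False
            frames[current] = bytearray()
    return {n: bytes(b) for n, b in frames.items()}

def merge(fields_text, px_text, sep="|"):
    """Append each frame's bytes, hex-encoded, as a last column."""
    frames = parse_px(px_text)
    rows = [r for r in fields_text.splitlines() if r.strip()]
    return [r + sep + frames.get(int(r.split(sep, 1)[0]), b"").hex() for r in rows]

# Constructed sample data (toy frames, not a real capture).
SAMPLE_FIELDS = (
    "1|Jan  1, 2024 00:00:00.000000000 UTC|10.0.0.9|80|6|20\n"
    "2|Jan  1, 2024 00:00:00.000100000 UTC|10.0.0.5|80|6|2\n"
)
SAMPLE_PX = "\n".join([
    "    1   0.000000 10.0.0.5 \u2192 10.0.0.9 TCP 20 toy frame",
    "",
    "0000  " + "de ad be ef 00 01 02 03 04 05 06 07 08 09 0a 0b".ljust(50) + "." * 16,
    "0010  " + "61 62 20 63".ljust(50) + "ab c",
    "",
    "    2   0.000100 10.0.0.9 \u2192 10.0.0.5 TCP 2 toy frame",
    "Frame (2 bytes):",
    "0000  " + "ca fe".ljust(50) + "..",
    "Reassembled TCP (2 bytes):",
    "0000  " + "ff ff".ljust(50) + "..",
])

if __name__ == "__main__":
    print("\n".join(merge(SAMPLE_FIELDS, SAMPLE_PX)))
```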