Convert all pcap file to csv with required columns python

Question

I need to write all the output CSV files to a different folder. For example if .pcap files were in subfolders Sub1, Sub2. And Sub1

Answer 1

If you are trying to recreate a folder structure at a different location you will need to ensure that the folders are created. This can be done using the os.makedirs() command. The subfolder structure can be determined by using any path deeper than startdir. This can then be appended onto your outputdir location.

The file extension can also be replaced by using os.path.splitext().

For example:

import os

startdir = '/root/Desktop/TTT'
suffix= '.pcap'
outputdir = os.path.join(startdir, "Outcsv")

for root, dirs, files, in os.walk(startdir):
    for name in files:
        if name.lower().endswith(suffix):
            sub_folders = root[len(startdir)+1:]

            input_filename = os.path.join(root, name)
            output_path = os.path.join(outputdir, sub_folders)
            os.makedirs(output_path, exist_ok=True)  # Ensure the output folder exists
            output_filename = os.path.join(output_path, os.path.splitext(name)[0] + '.csv')

            cmd = 'tshark -r {} -T fields -e frame.number -e frame.time_relative -e wlan.sa -e wlan.da -e wlan.ta -e wlan.ra -e frame.time_delta_displayed -e frame.len -E header=y -E separator=, -E quote=d -E occurrence=f > {}'
            final_cmd = cmd.format(input_filename, output_filename)

            print(final_cmd)
            os.system(final_cmd)

Answer 2

Call tshark, (something like this )

f_in = 'x.pcap'
f_out = 'x.csv'
tshark_template = 'tshark -r {} -T fields -e frame.number -e frame.time -e eth.src -e eth.dst -e ip.src -e ip.dst -e ip.proto -E header=y -E separator=, -E quote=d -E occurrence=f > {}'
final_tshark_cmd = tshark_template.format(f_in,f_out)

Build the command dynamically using python, so you can control the names of the files.

Each -e stands for a field that you want to be in the output.