

Example: Extract the IP addresses (source and destination), protocol, and MAC addresses (source and destination) from a PCAP file and output a CSV file.

    tshark -r Data/myfile.pcap -E header=y -E separator=, -T fields -e ip.src -e ip.dst -e ip.proto -e eth.src -e eth.dst > Data/myfile.csv

myfile.pcap: name of the pcap file in the Data folder.

myfile.csv: name of the CSV file. You don't have to create it before running the command, as it will be created automatically in the Data folder.

You can select the features from this tshark link, based on the protocol.

We will use Wireshark, a network packet capture tool, to look at TCP packets when.

from command line (homebrew/macports, yum install, apt-get install).

Tshark can do that using the following instruction:

    tshark -r (path of pcap file) -E separator=, -E header=y -T fields -e field1 -e field2

The above command will read a pcap file, extract the features (fields) and output a CSV file.

-E header=y: if you want to have the names of the features in the output CSV file.

The list of fields/features is too long to be mentioned here.
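
As an added example (not part of the original page), the Python script below reads the CSV written by the tshark example on this page (fields ip.src, ip.dst, ip.proto, eth.src, eth.dst) and lists source IP addresses seen with more than one source MAC address, while counting rows it cannot use. The sample rows are constructed, and the function names load_rows and macs_per_source_ip are hypothetical.

```python
import csv
import io
from collections import defaultdict

FIELDS = ["ip.src", "ip.dst", "ip.proto", "eth.src", "eth.dst"]

# Constructed sample of the CSV produced with -E header=y -E separator=,
# (not taken from a real capture).
SAMPLE_CSV = """ip.src,ip.dst,ip.proto,eth.src,eth.dst
192.168.1.10,192.168.1.1,6,aa:bb:cc:00:00:10,aa:bb:cc:00:00:01
192.168.1.1,192.168.1.10,6,aa:bb:cc:00:00:01,aa:bb:cc:00:00:10
,,,aa:bb:cc:00:00:20,ff:ff:ff:ff:ff:ff
192.168.1.10,192.168.1.1,17,aa:bb:cc:00:00:66,aa:bb:cc:00:00:01
192.168.1.1,192.168.1.10,192.168.1.10,192.168.1.1,1,17,aa:bb:cc:00:00:01,aa:bb:cc:00:00:10
"""

def load_rows(text):
    """Return (rows, stats): usable IP rows plus counts of skipped lines."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, None) != FIELDS:
        raise ValueError("header does not match the -e fields of the command")
    rows, stats = [], {"non_ip": 0, "malformed": 0}
    for rec in reader:
        if len(rec) != len(FIELDS):
            # A field occurred more than once in the packet (e.g. an ICMP
            # error carrying an inner IP header), adding extra columns.
            stats["malformed"] += 1
            continue
        row = dict(zip(FIELDS, rec))
        if not row["ip.src"]:
            stats["non_ip"] += 1  # e.g. ARP: the ip.* columns are empty
            continue
        rows.append(row)
    return rows, stats

def macs_per_source_ip(rows):
    """Map each source IP seen with more than one source MAC to those MACs."""
    seen = defaultdict(set)
    for row in rows:
        seen[row["ip.src"]].add(row["eth.src"].lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

if __name__ == "__main__":
    rows, stats = load_rows(SAMPLE_CSV)
    print("skipped:", stats)
    for ip, macs in macs_per_source_ip(rows).items():
        print(f"{ip} seen with {len(macs)} MACs: {', '.join(macs)}")
```

Rows with extra columns appear because tshark by default prints every occurrence of a field, joined with commas; adding -E occurrence=f or -E quote=d to the command keeps the columns aligned.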
