Convert all pcap files to CSV with required columns

Posted 2020-05-02 01:39

Question:

I need to write all the output CSV files to a different folder. For example, the .pcap files are in subfolders Sub1 and Sub2. Sub1 has a1.pcap and a2.pcap. Sub2 has b1.pcap and b2.pcap.

I need my output CSV files to get written into a folder with the same names as above. Sub1, Sub2, then Sub1 should have a1.csv, a2.csv. Sub2 should have b1.csv, b2.csv.

How can I do that please?

I am getting the error below:

outputdir = startdir / "Outcsv"
TypeError: unsupported operand type(s) for /: 'str' and 'str'

The code is:

import os
startdir= '/root/Desktop/TTT'
suffix= '.pcap'
outputdir = startdir / "Outcsv"

for root,dirs, files, in os.walk(startdir):
    for name in files:
        if name.endswith(suffix):
            filename = os.path.join(root,name)
            output_filename = outputdir / filename.relative_to(startdir)
            cmd = 'tshark -r {} -T fields -e frame.number -e frame.time_relative -e wlan.sa -e wlan.da -e wlan.ta -e wlan.ra -e frame.time_delta_displayed -e frame.len -E header=y -E separator=, -E quote=d -E occurrence=f > {}.csv'
            final_cmd = cmd.format(filename, output_filename)
            os.system(final_cmd)

Answer 1:

If you are trying to recreate a folder structure at a different location you will need to ensure that the folders are created. This can be done using the os.makedirs() command. The subfolder structure can be determined by using any path deeper than startdir. This can then be appended onto your outputdir location.

The file extension can also be replaced by using os.path.splitext().

For example:

import os
import shlex

startdir = '/root/Desktop/TTT'
suffix = '.pcap'
outputdir = os.path.join(startdir, "Outcsv")

for root, dirs, files in os.walk(startdir):
    for name in files:
        if name.lower().endswith(suffix):
            # Path of this folder relative to startdir (empty at the top level)
            sub_folders = root[len(startdir)+1:]

            input_filename = os.path.join(root, name)
            output_path = os.path.join(outputdir, sub_folders)
            os.makedirs(output_path, exist_ok=True)  # Ensure the output folder exists
            output_filename = os.path.join(output_path, os.path.splitext(name)[0] + '.csv')

            cmd = 'tshark -r {} -T fields -e frame.number -e frame.time_relative -e wlan.sa -e wlan.da -e wlan.ta -e wlan.ra -e frame.time_delta_displayed -e frame.len -E header=y -E separator=, -E quote=d -E occurrence=f > {}'
            # Quote both paths so spaces or shell metacharacters in file names are not interpreted by the shell
            final_cmd = cmd.format(shlex.quote(input_filename), shlex.quote(output_filename))

            print(final_cmd)
            os.system(final_cmd)


Answer 2:

Call tshark (something like this):

f_in = 'x.pcap'
f_out = 'x.csv'
tshark_template = 'tshark -r {} -T fields -e frame.number -e frame.time -e eth.src -e eth.dst -e ip.src -e ip.dst -e ip.proto -E header=y -E separator=, -E quote=d -E occurrence=f > {}'
final_tshark_cmd = tshark_template.format(f_in,f_out)

Build the command dynamically using Python, so you can control the names of the files.

Each -e stands for a field that you want to be in the output.
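
The same batch conversion, as an added example that is not part of the original question or answers: it mirrors the folder tree with pathlib and runs tshark from an argument list with no shell, so a capture file whose name contains spaces or shell metacharacters is passed as a single argument. The names plan_jobs, run_jobs and demo are hypothetical, and the sample tree in demo is constructed.

```python
import os
import subprocess
import tempfile
from pathlib import Path

# Field list copied from the question's tshark command.
FIELDS = ["frame.number", "frame.time_relative", "wlan.sa", "wlan.da",
          "wlan.ta", "wlan.ra", "frame.time_delta_displayed", "frame.len"]


def plan_jobs(startdir, outputdir, suffix=".pcap"):
    """Return (argv, csv_path) pairs mirroring startdir's tree under outputdir."""
    startdir, outputdir = Path(startdir), Path(outputdir)
    jobs = []
    for root, dirs, files in os.walk(startdir):
        # Do not descend into the output tree when it sits inside startdir.
        dirs[:] = [d for d in dirs if Path(root, d) != outputdir]
        for name in sorted(files):
            if not name.lower().endswith(suffix):
                continue
            src = Path(root, name)
            dst = (outputdir / src.relative_to(startdir)).with_suffix(".csv")
            argv = ["tshark", "-r", str(src), "-T", "fields"]
            for field in FIELDS:
                argv += ["-e", field]
            argv += ["-E", "header=y", "-E", "separator=,",
                     "-E", "quote=d", "-E", "occurrence=f"]
            jobs.append((argv, dst))
    return jobs


def run_jobs(jobs):
    """Run each job without a shell; tshark's stdout is written to the CSV file."""
    for argv, dst in jobs:
        dst.parent.mkdir(parents=True, exist_ok=True)
        with open(dst, "wb") as out:
            subprocess.run(argv, stdout=out, check=True)


def demo():
    """Constructed sample tree with a file name that a shell would split."""
    with tempfile.TemporaryDirectory() as tmp:
        start = Path(tmp, "TTT")
        for rel in ("Sub1/a1.pcap", "Sub2/b 1; echo x.pcap", "Sub2/notes.txt"):
            (start / rel).parent.mkdir(parents=True, exist_ok=True)
            (start / rel).touch()
        jobs = sorted(plan_jobs(start, start / "Outcsv"), key=lambda j: str(j[1]))
        return [(Path(argv[2]).name, dst.relative_to(start).as_posix()) for argv, dst in jobs]
```

Call run_jobs(plan_jobs(startdir, outputdir)) on a machine with tshark installed to produce the CSV files.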