Skip to content
/ pcap2csv Public

Use PyShark and scapy to read fields from a pcap file and populate a CSV

License

MIT license
55 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vnetman/pcap2csv

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pcap2csv.py
pcap2csv.py
 
 

Repository files navigation

pcap2csv

Use PyShark and scapy to read fields from a pcap file and populate a CSV

Usage: pcap2csv --pcap <input pcap file> --csv <output pcap file>

Each packet in the pcap is rendered into one row of the csv file. The specific items to extract, and the order in which they are rendered in the csv are hard-coded in the script, in the 'render_csv_row' function. Also note that the separators in the csv are '|' characters, not commas.

This script uses both PyShark (https://kiminewt.github.io/pyshark/) and Scapy to do its work. PyShark because we want to leverage tshark's powerful protocol decoding ability to generate the "textual description" field of the CSV (like "Standard query 0xf3de A www.cisco.com", "Client Hello" etc.), and Scapy because at the same time we want to access the "payload" portion of the packet (PyShark seems to be unable to provide this).

About

Use PyShark and scapy to read fields from a pcap file and populate a CSV

Resources

Readme

License

MIT license
Activity

Stars

55 stars

Watchers

5 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages