Can somebody tells me how to use tcpdump to filter out udp or tcp traffic on a specific source and destination ip and save the output into a csv file? Its not necessary a csv file if I can convert the pcap file into a csv by using an etl tool.
Also I am interested in a 100ms time resolution when I collect the data, can I do it with tcpdump?
Thanks.
You could use the method explained in this link which explains a method with tshark.
# tshark -r traffic.pcap -T fields -e ip.src -E separator=, -E occurrence=f > traffic.csv
-r: to read the .pcap file.
-T fields: different fields which are needed to capture.
-E separator: if there are multiple fields extracting separator is used to differentiate.
-E occurrence: Which occurrence is used for the field which has multiple occurrence, ‘f’ is for first and it store the fields inside the .csv file.Multiple fields
# tshark -r traffic.pcap -T fields -e ip.src -e frame.len -e ip.proto -E separatorr=, -E occurrence=f > traffic.csv
I doubt you could ask tcpdump to write in a CSV file, this tool is too simple.
But you could ask tshark(it's a console utility from the wireshark package) to do it.
see https://ask.wireshark.org/questions/2935/creating-a-csv-file-with-tshark
