How can i use the tshark utility to download a list of protocols from a .pcap file? Only protocols are needed.
Asked
Active
Viewed 167 times
-1
desertnaut
- 57,590
- 26
- 140
- 166
Alex Rebell
- 465
- 3
- 15
1 Answers
3
I am not sure if this is the fastest way but should output what you need.
The following line will output a CSV file
tshark -r file.pcap -E header=y -E separator=, -T fields -e frame.protocols > file.csv
And then you can use the following Python code
import pandas as pd
df = pd.read_csv('file.csv')
new = df["frame.protocols"].str.split(":",expand = True)
pd.value_counts(new.values.ravel())
You can see the number of occurrences of each protocol.
P.S. Ignore eth and ethertype
Meriem
- 130
- 10
-
Thank you very much. Apparently I asked the question the wrong way, because this command outputs the protocol for each packet to me. `eth:ethertype:ip:udp:rtp eth:ethertype:ip:udp:rtp eth:ethertype:ip:ip eth:ethertype:ip:ip eth:ethertype:ip:ip` how would I make it output the name of the protocol and how many times it occurs in this dump? – Alex Rebell Oct 27 '21 at 13:49
-
Hello @AlexRebell, could you elaborate more, what do you mean by the name? Do you mean for example IP = Internet Protocol? – Meriem Oct 27 '21 at 22:03
-
@AlexRebell It would be appreciated if you can explain the output you need by giving an example of the needed output – Meriem Oct 27 '21 at 22:09
-
Hello! I need an approximate result like this: Protocol and its number (i.e. how many times it occurs in network traffic) for example: `SHH - 15; Telnet - 20;` and so on. Thank you – Alex Rebell Oct 28 '21 at 06:20
-
1@AlexRebell I edited the answer, please check it. Please do not hesitate to comment back if you need any help – Meriem Oct 28 '21 at 21:52
-
Super, what you need. Please correct your answer, it should not be `frame.protocol`, but `frame.protocols`. thank you very much – Alex Rebell Oct 29 '21 at 07:49
-
Thank you @AlexRebell for letting me know about the typo. Hope it worked for you. – Meriem Oct 29 '21 at 16:00