Parsing *.pcap files


Hello all! :wink:
I have many pcap files and want to automatize the parsing of them. Sorry for my English.
I want:
1)open pcap file
2)use some filters
3)save results in another file
I use command:
Run(‘C:\Program Files\Wireshark\wireshark.exe -r D:\test\1.pcap -R “ip.addr == || ip.addr ==” -R “tcp.port == 80 || tcp.port == 443 || tcp.port == 53” -p -w D:\test\parsed1.pcap -a duration:3’)
But it does’t save results in parsed1.pcap :frowning:
Can you tell me how can I do 3) ? Thanks!



You can use tshark for this.
tshark is the terminal version of wireshark.

-p seems useless here.

-a duration:3 must be used only for a capture.
you are using -r D:\test\1.pcap, so this is not a capture.
tshark does not like it :
tshark: A maximum capture time was specified, but a capture isn’t being done.
and no output file



Thanks, it works :slight_smile: