Tshark On Windows

Active 3 months ago

I have written a batch file that runs a tshark command to filter fields from a Wireshark pcap file and write them to a CSV file. When I ran it on the Windows cmd CLI, I had to change the current working directory to the Wireshark folder directory in My Computer > Program Files, so I changed the current working directory in the batch file so that it would run the same way as I ran it in the Windows cmd CLI.

Tshark is a command-line tool available on Windows and Linux; it has no GUI. Wireshark is a packet capture tool with a GUI, and Tshark is its command-line version. It captures the bytes sent over a computer network and displays the capture on screen.

However, when I ran the batch script below, the output CSV file was blank. How do I correct this batch script so that I can see the contents in the output CSV file generated using Wireshark's tshark command?

I wrote the batch file like this.

@echo off
set curr_dir=%cd%
chdir /D cd..
chdir /D cd..
chdir /D cd program files
chdir /D cd wireshark
tshark -T fields -n -r 'C:\Users\L33604\Desktop\SynFlood Sample.pcap' -E separator=, -e ip.src -e ip.dst > 'C:\Users\L33604\Desktop\logcapture.txt'


misteryuku

1 Answer


Probably the problem is that you didn't enclose program files with quotes. The batch program won't properly handle a path or file name with a space unless you put quotes around it.

I did the following to your batch program, and it assumes that the Wireshark directory is on the C: drive and that the logcapture and synflood sample files are where you report they are:

RobW
