
Exporting pcap file into CSV with all information


I tried exporting a pcap file into a CSV from Wireshark. But while doing so I just get the basic data like Frame No, Time, Source, Destination, Protocol, Length and Info. Exporting the same pcap file as a plain text file or JSON file, however, includes all the detailed information about the packet. How do I get columns like

  • duration
  • protocol_type
  • service
  • flag
  • src_bytes
  • dst_bytes
  • land
  • wrong_fragment
  • urgent
  • hot
  • num_failed_logins
  • logged_in
  • num_compromised
  • root_shell
  • su_attempted
  • num_root
  • num_file_creations
  • num_shells
  • num_access_files
  • num_outbound_cmds
  • is_host_login
  • is_guest_login
  • count
  • srv_count
  • serror_rate
  • srv_serror_rate
  • rerror_rate
  • srv_rerror_rate
  • same_srv_rate
  • diff_srv_rate
  • srv_diff_host_rate
  • dst_host_count
  • dst_host_srv_count
  • dst_host_same_srv_rate
  • dst_host_diff_srv_rate
  • dst_host_same_src_port_rate
  • dst_host_srv_diff_host_rate
  • dst_host_serror_rate
  • dst_host_srv_serror_rate
  • dst_host_rerror_rate
  • dst_host_srv_rerror_rate

Does a single packet have all these field details? If there is another way to get these, please suggest it.


Solution

  • I later found that most of the fields that I mentioned in the question are flow-related information, not information about just a single packet.

    https://github.com/ahlashkari/CICFlowMeter

    Check the repository above; it extracts 82 features. The data can be captured or imported from a pcap file.
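
The flow-versus-packet point above, as an added example that is not part of the original post and is not CICFlowMeter's code: it groups per-packet rows into bidirectional TCP flows and derives a few of the listed fields (`duration`, `src_bytes`, `dst_bytes`, `land`). The input layout is an assumption (a tshark field export of IPv4/TCP packets with the columns shown in the comment), the sample rows are constructed, and flow timeouts and port reuse are not handled.

```python
import csv
import io

# Constructed sample. Assumed to match a per-packet field export such as:
#   tshark -r capture.pcap -Y tcp -T fields -E header=y -E separator=, \
#     -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.len
SAMPLE = """frame.time_epoch,ip.src,ip.dst,tcp.srcport,tcp.dstport,tcp.len
100.00,10.0.0.5,10.0.0.9,40000,80,0
100.01,10.0.0.9,10.0.0.5,80,40000,0
100.02,10.0.0.5,10.0.0.9,40000,80,120
100.50,10.0.0.9,10.0.0.5,80,40000,900
101.25,10.0.0.5,10.0.0.9,40000,80,0
200.00,10.0.0.7,10.0.0.7,5000,5000,10
"""

def load(text):
    """Parse the CSV text into one dict per packet."""
    return list(csv.DictReader(io.StringIO(text)))

def flows_from_packets(rows):
    """Aggregate packet rows into flows and compute flow-level features."""
    flows = {}
    for r in rows:
        a = (r["ip.src"], int(r["tcp.srcport"]))
        b = (r["ip.dst"], int(r["tcp.dstport"]))
        key = tuple(sorted((a, b)))  # both directions map to the same flow
        t, payload = float(r["frame.time_epoch"]), int(r["tcp.len"])
        f = flows.get(key)
        if f is None:
            # The first packet seen decides which endpoint is the "source".
            f = flows[key] = {"src": a, "dst": b, "first": t, "last": t,
                              "src_bytes": 0, "dst_bytes": 0, "packets": 0}
        f["last"] = max(f["last"], t)
        f["packets"] += 1
        f["src_bytes" if a == f["src"] else "dst_bytes"] += payload
    return [{
        "src": f["src"], "dst": f["dst"],
        "duration": round(f["last"] - f["first"], 6),  # seconds, first to last packet
        "src_bytes": f["src_bytes"],                   # payload bytes source -> destination
        "dst_bytes": f["dst_bytes"],                   # payload bytes destination -> source
        "land": int(f["src"] == f["dst"]),             # 1 if same host and port on both ends
        "packets": f["packets"],
    } for f in flows.values()]

if __name__ == "__main__":
    for flow in flows_from_packets(load(SAMPLE)):
        print(flow)
```

Each output row describes a whole connection, which is why these columns cannot appear in a one-row-per-packet CSV export.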