shahifaqeer/tshark_extract.sh

## tshark_extract.sh
#!/bin/bash

# editcap -i 3600 dns_all_20170124_20170130.pcap split_20170124_20170130/split_hour.pcap
# tshark -r file.pcap -T fields -e frame.time_relative -e ip.src -e ip.dst -e dns.qry.name -Y "dns.flags.response eq 0" > file.csv

date=$1 #20170124_20170130 or 20170207_20170212
for filename in split_$date/*.pcap; do
	echo "extract $filename to tshark_$date"
	tshark -r "$filename" -E separator="|" -T fields -e frame.time_epoch -e frame.time_relative -e ip.src -e ip.dst -e dns.qry.name -e dns.qry.type -Y "dns.flags.response eq 0" > "tshark_$date/$(basename "$filename" .pcap).csv"
done
	#!/bin/bash

	# editcap -i 3600 dns_all_20170124_20170130.pcap split_20170124_20170130/split_hour.pcap
	# tshark -r file.pcap -T fields -e frame.time_relative -e ip.src -e ip.dst -e dns.qry.name -Y "dns.flags.response eq 0" > file.csv

	date=$1 #20170124_20170130 or 20170207_20170212
	for filename in split_$date/*.pcap; do
	echo "extract $filename to tshark_$date"
	tshark -r "$filename" -E separator="\|" -T fields -e frame.time_epoch -e frame.time_relative -e ip.src -e ip.dst -e dns.qry.name -e dns.qry.type -Y "dns.flags.response eq 0" > "tshark_$date/$(basename "$filename" .pcap).csv"
	done