-
Notifications
You must be signed in to change notification settings - Fork 0
/
pcap_csv.py
127 lines (117 loc) · 3.28 KB
/
pcap_csv.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
import subprocess
import pandas as pd
import os
import zipfile
# Function to convert hexadecimal SSID to ASCII
def hex_to_ascii(hex_str):
try:
ascii_str = bytes.fromhex(hex_str).decode('utf-8')
return ascii_str
except Exception as e:
return str(e)
# Function to execute tshark command and convert pcap to csv
def convert_pcap_to_csv(pcap_file):
# Define tshark command
tshark_command = [
"tshark",
"-r",
pcap_file,
"-T",
"fields",
"-e",
"frame.number",
"-e",
"frame.time",
"-e",
"wlan_radio.signal_db",
"-e",
"wlan_radio.channel",
"-e",
"wlan.ssid",
"-e",
"_ws.col.Protocol",
"-e",
"ip.ttl",
"-e",
"wlan.bssid",
"-e",
"wlan.sa",
"-e",
"wlan.ta",
"-e",
"wlan.ra",
"-e",
"wlan.da",
"-e",
"ip.src",
"-e",
"ip.dst",
"-e",
"tcp.srcport",
"-e",
"tcp.dstport",
"-e",
"tcp.flags",
"-e",
"_ws.col.Info",
"-e",
"frame.len",
"-e",
"frame.time_delta_displayed",
"-e",
"ppi_gps.lat",
"-e",
"ppi_gps.lon",
"-e",
"ppi_gps.alt",
"-E",
"header=y",
"-E",
"separator=|"
]
# Execute tshark command and capture output
process = subprocess.Popen(tshark_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output, error = process.communicate()
if error:
print(f"Error occurred while executing tshark command for {pcap_file}: {error.decode()}")
return False
# Convert the output to DataFrame
output_lines = output.decode().split('\n')
header = output_lines[0].split('|')
data = [line.split('|') for line in output_lines[1:] if line.strip()]
df = pd.DataFrame(data, columns=header)
# Define data types for columns with mixed types
dtype_mapping = {
"wlan.ssid": str,
"wlan_radio.channel": str,
"tcp.srcport": str,
"tcp.dstport": str,
# Add other columns here with mixed types if needed
}
# Convert hexadecimal SSID to ASCII
df['wlan.ssid'] = df['wlan.ssid'].apply(hex_to_ascii)
# Save the modified DataFrame to a CSV file
output_dir = "Your Directory"
output_file = os.path.join(output_dir, f"{os.path.splitext(os.path.basename(pcap_file))[0]}_ascii.csv")
df.to_csv(output_file, index=False)
return True
# Define input directory path
input_directory = "Your Directory"
unziped = []
# Search input directory for pcap files and convert them to csv
for root, subFolders, files in os.walk(input_directory):
for file in files:
if (".pcap" in file or ".cap" in file):
pcap_file = os.path.join(root, file)
if not convert_pcap_to_csv(pcap_file):
print(f"Failed to convert {pcap_file} to CSV.")
elif (".zip" in file):
with zipfile.ZipFile(root + '/' + file) as myzip:
for zipC in myzip.namelist():
if ('.pcap' in zipC or '.cap' in zipC):
location=myzip.extract(zipC)
unziped.append(location)
if not convert_pcap_to_csv(location):
print(f"Failed to convert {location} to CSV.")
for x in unziped:
os.remove(x)