locked
How to dump network monitor capture file to text file? RRS feed

  • Question

  • Hi, I want to convert network monitor capture file (*.cap) to text file.

    Could you please let me know how to do?

    I am planning to monitor access from users to Web server everyday automatically. 

    Best regards,

    Fang

    Saturday, March 3, 2012 3:09 PM

Answers

  • There's not just one API to do this, but the example I mentioned above  "Iterating Fields with Display Format" gives you a general idea for how to do this.

    Paul

    • Marked as answer by Paul E Long Wednesday, September 11, 2013 1:53 PM
    Wednesday, September 11, 2013 1:53 PM

All replies

  • The is no built in way to save a capture as a text file today.  You could use the API to create a simple application to do this.  In fact the example in the help called "Iterating Fields with Display Format" which might be similar to what you want, albeit for just one frame.  But it should be easy to extend for an entire trace.

    However, if you are going through the effort to create a program with the API, you might also investigate having the API called from the web service (or by another app), which automatically pulls the user information you want directly.  Such an app would have better performance.

    Also, keep in mind that capturing and parsing data from a web server could have a large effect on performance.  You'll want to monitor this to make sure this isn't loading down your server.

    Paul

    Monday, March 5, 2012 2:40 PM
  • Since I also had the same kind of problem, thought I'd post what worked for me:

    1. Run Network Monitor and save to .cap file.

    2. Get Wireshark and install it on a workstation or something like that (DO NOT INSTALL THIS ON A SERVER).  Ideally, install it in a VM or something like that.   Also, do not install the pcap extensions, you don't need them for this.

    3. Open your capture file in Wireshark.  File > Export > Text.

    4. If you need to script this process, in theory there is a command line utility included with Wireshark that can do this for you, but I haven't tried it.

    -Mary

    Saturday, May 19, 2012 8:36 PM
  • Hi

    Can you please which method in the Network Monitor API  which parses the captre file (*.cap) into text/csv/excel file?

    Please, it is very important and I hope you can help.

    Regards,

    Nadeem

    • Marked as answer by Paul E Long Wednesday, September 11, 2013 1:49 PM
    • Unmarked as answer by Paul E Long Wednesday, September 11, 2013 1:49 PM
    Sunday, September 8, 2013 11:17 AM
  • There's not just one API to do this, but the example I mentioned above  "Iterating Fields with Display Format" gives you a general idea for how to do this.

    Paul

    • Marked as answer by Paul E Long Wednesday, September 11, 2013 1:53 PM
    Wednesday, September 11, 2013 1:53 PM
  • Hi,

    Can you please send me a link to the "Iterating Fields with Display Format"? since I can't find it.

    Regards,

    Nadeem

    Monday, September 16, 2013 11:45 AM
  • It's the help file you access from Network Monitor's Help menu.  It's not online but a CHM installed when you install Network Monitor.

    Paul

    Tuesday, September 24, 2013 9:34 PM