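:: usage: tshark_ALL.bat <FILENAMEOFCAPTURE>.pcap
::
:: Runs a fixed set of tshark extractions and statistics against one capture
:: file and writes each result to its own text file in <capture>_DIR.
::
:: Analyst notes:
::  - The capture is untrusted input. Field values written to the output files
::    (host names, URIs, user agents) come verbatim from captured traffic, so
::    treat the output files as untrusted text too.
::  - ip.src_host / ip.dst_host are the name-resolved forms of the addresses.
::    NOTE(review): depending on tshark's name-resolution settings (-n / -N)
::    this may cause lookups from the analysis host for addresses found in the
::    capture. Confirm the setting before processing incident captures.
::  - Fields are joined with '#'. URIs and user agents can contain '#'
::    themselves, so rows in the HTTP files may not split cleanly on it.
@ECHO OFF
setlocal

:: %~1 strips any surrounding quotes so the values can be re-quoted safely;
:: %~nx1 is the bare file name, so a capture given with a directory prefix
:: still yields valid output file names.
set "TSHARK=c:\Program Files\Wireshark\tshark.exe"
set "CAPTURE=%~1"
set "NAME=%~nx1"
set "OUTDIR=%~1_DIR"

if "%CAPTURE%"=="" goto :usage
if not exist "%CAPTURE%" goto :nocapture
if not exist "%TSHARK%" goto :notshark

echo "###########READY TO PARSE#########"
echo "#######CREATING OUTPUT DIRECTORY######"
:: Re-running against the same capture reuses the existing directory.
if not exist "%OUTDIR%\" mkdir "%OUTDIR%"
if not exist "%OUTDIR%\" goto :nooutdir

echo "########Running DNS Extractions######"
:: Only UDP port 53 is matched: DNS over TCP or on other ports is not listed.
:: NOTE(review): newer tshark releases expect -Y for a single-pass filter
:: (or -R together with -2); confirm against the installed version.
"%TSHARK%" -r "%CAPTURE%" -R "udp.port == 53" -T fields -E separator=# -e frame.time -e ip.src_host -e ip.dst_host -e ip.proto -e dns.qry.name > "%OUTDIR%\dnstraffic.%NAME%.txt"

echo "#######Running WEB Extractions######"
:: No filter is applied here, so a row is written for every packet and the
:: http.* columns are empty for packets that are not HTTP.
"%TSHARK%" -r "%CAPTURE%" -T fields -E separator=# -e frame.time -e ip.src_host -e ip.dst_host -e ip.proto -e tcp.srcport -e tcp.dstport -e http.user_agent -e http.request.method -e http.host -e http.request.uri > "%OUTDIR%\httptraffic.%NAME%.txt"

echo "#######Running HTTP REQUEST Extractions######"
"%TSHARK%" -r "%CAPTURE%" -T fields -E separator=# -e http.host -e http.request.uri > "%OUTDIR%\http_requests.%NAME%.txt"

:: The remaining runs use -q -z so only the statistics table is written.
echo "#######IP STAT FILE CREATION####
"%TSHARK%" -r "%CAPTURE%" -q -z ip_hosts,tree > "%OUTDIR%\ipstats.%NAME%.txt"
echo "#####TCP CONVERSATION FILE CREATION####
"%TSHARK%" -r "%CAPTURE%" -q -z conv,tcp > "%OUTDIR%\tcpconvo.%NAME%.txt"
echo "#####UDP CONVERSATION FILE CREATION####
"%TSHARK%" -r "%CAPTURE%" -q -z conv,udp > "%OUTDIR%\udpconvo.%NAME%.txt"
echo "#####ETH CONVERSATION FILE CREATION####
"%TSHARK%" -r "%CAPTURE%" -q -z conv,eth > "%OUTDIR%\ethconvo.%NAME%.txt"
echo "#####Protocol Types CONVERSATION FILE CREATION####
"%TSHARK%" -r "%CAPTURE%" -q -z ptype,tree > "%OUTDIR%\ptypes.%NAME%.txt"

echo "#####HTTP INFO FILE CREATION####
:: The first write truncates httpstats; every later section is appended.
echo "#####HTTP TREE SECTION####" > "%OUTDIR%\httpstats.%NAME%.txt"
"%TSHARK%" -r "%CAPTURE%" -q -z http,tree >> "%OUTDIR%\httpstats.%NAME%.txt"
echo "#####HTTP REQUEST TREE SECTION####" >> "%OUTDIR%\httpstats.%NAME%.txt"
"%TSHARK%" -r "%CAPTURE%" -q -z http_req,tree >> "%OUTDIR%\httpstats.%NAME%.txt"
:: NOTE(review): this section repeats the http_req,tree run above; kept so
:: the report layout is unchanged, but it looks like a copy-paste duplicate.
echo "#####HTTP REQUEST TREE SECTION####" >> "%OUTDIR%\httpstats.%NAME%.txt"
"%TSHARK%" -r "%CAPTURE%" -q -z http_req,tree >> "%OUTDIR%\httpstats.%NAME%.txt"
echo "#####HTTP SERVER TREE SECTION####" >> "%OUTDIR%\httpstats.%NAME%.txt"
"%TSHARK%" -r "%CAPTURE%" -q -z http_srv,tree >> "%OUTDIR%\httpstats.%NAME%.txt"
echo "##FINISHED PARSING###"
:: Stop here so nothing after the script body is interpreted as a command.
exit /b 0

:usage
echo usage: tshark_ALL.bat ^<FILENAMEOFCAPTURE^>.pcap 1>&2
exit /b 1

:nocapture
echo Capture file not found: "%CAPTURE%" 1>&2
exit /b 1

:notshark
echo tshark not found at "%TSHARK%" 1>&2
exit /b 1

:nooutdir
echo Could not create output directory "%OUTDIR%" 1>&2
exit /b 1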
Tshark Reference Links:
http://www.packetlevel.ch/html/tshark/tsharkfilt.html