#!/bin/bash

the_csv_file="all_more_fields.csv"

COUNTER=0
for f in ./data_churn/*.pcap; do
    echo "Parsing: $f"
    tshark \
    -r "$f" \
    -Y "dns.flags.response==1" \
    -T fields \
    -E separator=\; \
    -e frame.time_epoch \
    -e dns.qry.name \
    -e dns.resp.type \
    -e dns.a \
    -e dns.cname \
    -e dns.resp.ttl \
    -e dns.flags \
    -e dns.flags.authoritative \
    -e ip.ttl \
    -e ip.id \
    -e ip.flags \
    -e ip.flags.df \
    -e ip.dsfield > "$(basename ${f})".txt &
    if [  $COUNTER -eq 50 ]; then
        echo "Wait for all subprocesses to finish..."
        wait
        COUNTER=0
    fi
    let COUNTER=COUNTER+1
done

wait

echo "ts;qname;type;answer;cname;dns_ttl;dns_flags;dns_aa;ip_ttl;ip_id;ip_flags;df;tos" > "$the_csv_file"

# leave a record on which pcaps are extracted
ls -v *.pcap.txt > raw_pcap_names.txt
cat $(ls -v *.pcap.txt) >> "$the_csv_file"
rm *.pcap.txt