Hello. Does anyone happen to know if WireShark is capable of sending data it finds to HTTP destinations? asked 09 Oct '12, 13:01  InfusionDev20 |
3 Answers:
Wireshark is a protocol analyser and as such does not generate traffic. The output of Wireshark analysis can be saved or exported in various formats to the file system but not to an HTTP server. answered 09 Oct '12, 14:05  grahamb ♦ |
Wireshark? No. Tshark, maybe. You could try to hook it up to curl. Or go all out with CloudShark. answered 09 Oct '12, 14:09  Jaap ♦ Would something like CloudShark allow you to upload the data to an HTTP server let's say? And it looks like it's just a software based add-on to WireShark? (09 Oct '12, 14:18) InfusionDev20 |
O.K. here is my suggestion: You can create a Lua Listener and collect whatever data you want. Then use LuaSocket to send the data via SMTP, HTTP POST, FTP to another server. LuaSocket needs to be installed separately on Windows, as Wireshark does not provide that. However on the receiving server you need something (an application) that is able to accept and process that data. There is no standard solution available that works out of the box, but it is doable with reasonable effort. Regards answered 10 Oct '12, 07:15  Kurt Knochner ♦ So WireShark itself has no capabilities to send such data without the help of a corresponding code correct? In this case writing, a Lua Listener to collect that data and have a Lua Socket on the other end to receive it. (10 Oct '12, 07:24) InfusionDev20 as mentioned by others, wireshark has no "ready-to-use" builtin capability to do that. However, as Lua is also a builtin feature, whireshark will have that capability if you write some code to do it ;-)) And yes, you could also have a LuaSocket at the other end to receive the data, but that's not necessary, as you can send the data to a regular ftp server or HTTP server (POST request) with Lua from Wireshark. (10 Oct '12, 07:25) Kurt Knochner ♦ |
what do you mean exactly by "sending data to HTTP destinations" (by using a HTTP POST request)?
What kind of data? Packets in pcap format? Payload bytes (which encoding)?
It's more is it possible as WireShark is capturing the data to send the results to an HTTP server as it's being captured in real time.
O.K. how do you want to send the data to the HTTP server? My question has a certain intention. I might have an idea how to do it, if you tell me how you want to send the data ;-)
In a perfect world if it can be sent from WireShark itself that would be great. Someone else said they heard it was possible for WireShark to send data it finds to HTTP destinations, so I'm just trying to find out if such a thing is possible form within WireShark.