How can I automate Wireshark using a Perl script? I need to launch the software, capture for a specified duration and save the packet dissections into a text file using a Perl script. Is it possible to do so? asked 26 Mar '14, 23:56 zoikelle
3 Answers:
There is a command line "version" of Wireshark called tshark, usually installed with the Wireshark suite, that is suitable for use with scripts. As to how to use it, well, it's exactly the same as calling any other external command from Perl. answered 27 Mar '14, 02:28 grahamb ♦
Take a look at Net::Sharktools. Regards answered 27 Mar '14, 11:43 Kurt Knochner ♦
For automated captures, I highly recommend using dumpcap rather than wireshark or tshark. The reason is that dumpcap doesn't keep the packets in memory as it writes, so it's far more resource-efficient for automated capture processes. If you want tshark-level intelligence (e.g., with Wireshark display filters), I'd still recommend saving first with dumpcap, then running tshark against the file saved by dumpcap. If your objective is as simple as you say, a script could be written with just a few lines of code. What I usually do for this is grab the current date/time from Perl's localtime(), use the time as part of a file name, and schedule a dumpcap trace for a duration equal to the frequency that cron reruns the script. Do a 'man dumpcap' (installed with Wireshark) to see the options there for a system call from Perl, no modules required. answered 30 Mar '14, 19:16 Quadratic
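The dumpcap-then-tshark workflow described in the last answer, as an added Perl example that is not part of the original posts. The interface name, duration, output directory and the `CAP_*` environment variable names are assumptions; the commands are run in list form so no shell parses the arguments, and the output files are created owner-only because captures can hold credentials and other sensitive traffic.

```perl
#!/usr/bin/perl
# Added example: timed capture with dumpcap, then dissection to text with tshark.
use strict;
use warnings;
use POSIX qw(strftime);

# Assumed defaults for this example; override through the environment.
my $iface    = $ENV{CAP_IFACE}   // 'eth0';
my $duration = $ENV{CAP_SECONDS} // 300;   # set equal to the cron interval
my $outdir   = $ENV{CAP_DIR}     // '/var/tmp/captures';

# Reject anything that is not a plain number or a plain interface name.
die "bad duration: $duration\n" unless $duration =~ /^[1-9]\d*$/;
die "bad interface: $iface\n"   unless $iface    =~ /^[\w.:-]+$/;

# Files and directories created from here on are readable by the owner only.
umask 0077;
-d $outdir or mkdir($outdir) or die "mkdir $outdir: $!\n";

# Timestamped file names from localtime(), as the answer suggests.
my $stamp = strftime('%Y%m%d-%H%M%S', localtime);
my $pcap  = "$outdir/capture-$stamp.pcapng";
my $text  = "$outdir/capture-$stamp.txt";

# Step 1: capture with dumpcap for a fixed duration.
# -q quiet, -i interface, -a duration:N autostop after N seconds, -w output file.
my @capture = ('dumpcap', '-q', '-i', $iface,
               '-a', "duration:$duration", '-w', $pcap);
system(@capture) == 0
    or die "dumpcap failed (exit " . ($? >> 8) . ")\n";

# Step 2: dissect the saved file with tshark; -V prints the full packet details.
# The list form of open() runs tshark directly, without a shell.
open(my $in,  '-|', 'tshark', '-r', $pcap, '-V')
    or die "cannot run tshark: $!\n";
open(my $out, '>', $text)
    or die "cannot write $text: $!\n";
print {$out} $_ while <$in>;
close($out) or die "error writing $text: $!\n";
close($in)  or die "tshark failed (exit " . ($? >> 8) . ")\n";

print "capture: $pcap\ndissection: $text\n";
```

The account running the script needs capture privileges on the interface for dumpcap to succeed.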