Hi All, are there any sample scripts to initiate tshark, run it for 5 minutes, initiate a few commands like ping 8.8.8.8, http://www.google.com, tracert www.msn.com, etc. and then close tshark and save the file to a local directory so it can be analyzed later? Thanks! asked 07 Jun '16, 08:26 Gipper2016
One Answer:
Sure there are but as you haven't given the operating system, we have to guess by the name of And what you ask is rather a question on scripting than on Wireshark. So by looking at tshark man page, you'd find that
The magic command you need to spawn a parallel process in Windows is "start" and it requires a window title as the first parameter. So you'd use ` answered 07 Jun '16, 09:41 sindy |
Thank you sindy, excellent info! Another hurdle I see is how to select an active interface. Is it best to just select all interfaces? Or is there a trick to pick only active interfaces? Thanks!
I'm not sure I understand what you mean. You seem to be going to ping, traceroute and browse known addresses, so the routing table should give you enough information to know in advance which interface the OS will use to send those packets. But capturing on all interfaces won't do any harm, as the capture file contains the ID of the interface on which each particular frame has been captured, so you can work with that information later.
Sorry, wasn't clear. Since laptops will have multiple interfaces and by default tshark will pick the first non-loopback one, is there a way to prompt the user to select an interface, or is it possible to silently select all interfaces programmatically? I'm trying to automate the process as much as possible for someone that does not know how to use Wireshark, so they can run it remotely and send me the output file.
See the manual, use -i <interface> to define the interface. Prompting can be done via your script, if needed.
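Putting the whole thread together (background tshark, a fixed run time, the ping/HTTP/tracert traffic, and the interface choice from the follow-up comments), here is an added example script, not something posted in the thread. It is PowerShell rather than a cmd batch file, so it uses Start-Process instead of the "start" command sindy mentions; the effect is the same. Assumptions: tshark.exe is at the default Wireshark install path (edit $Tshark otherwise), C:\captures is a writable output directory, and the operator either passes -Interface N (a number from "tshark -D") or leaves it empty, in which case the script parses "tshark -D" itself and passes one -i per listed interface, since Windows has no "any" pseudo-interface.

```powershell
# Added example, not from the original thread.
# Usage:  .\capture.ps1              (capture on every interface tshark lists)
#         .\capture.ps1 -Interface 2 (capture only on interface 2 from "tshark -D")
param(
    [string]$Interface = '',          # number from "tshark -D"; empty = all interfaces
    [int]$Duration = 300              # seconds; tshark stops itself via -a duration:
)

$Tshark = 'C:\Program Files\Wireshark\tshark.exe'   # assumed install path
$OutDir = 'C:\captures'                             # assumed output directory

if (-not (Test-Path $Tshark)) { throw "tshark not found at $Tshark" }
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$PcapFile = Join-Path $OutDir ("capture_{0:yyyyMMdd_HHmmss}.pcapng" -f (Get-Date))

# Decide which interfaces to capture on. "tshark -D" prints one line per
# interface, starting with its number ("1. \Device\NPF_{...} (Ethernet)").
if ($Interface) {
    $IfaceNums = @($Interface)
} else {
    $IfaceNums = @(& $Tshark -D 2>$null | ForEach-Object {
        if ($_ -match '^\s*(\d+)\.') { $Matches[1] }
    })
    if ($IfaceNums.Count -eq 0) { throw 'tshark -D listed no capture interfaces' }
}

# Build the argument list: one -i per interface, auto-stop after $Duration,
# write everything to a single pcapng (interface IDs are kept per frame).
$TsharkArgs = @('-a', "duration:$Duration", '-w', $PcapFile)
foreach ($n in $IfaceNums) { $TsharkArgs += @('-i', $n) }

# Spawn tshark as a parallel process (the PowerShell equivalent of cmd's "start").
$Proc = Start-Process -FilePath $Tshark -ArgumentList $TsharkArgs -NoNewWindow -PassThru
Start-Sleep -Seconds 5      # let the capture come up before generating traffic

# Generate the traffic the original question asked about.
ping -n 4 8.8.8.8
try {
    Invoke-WebRequest -Uri 'http://www.google.com' -UseBasicParsing | Out-Null
} catch {
    Write-Warning "HTTP request failed: $_"   # still useful: the failure is in the capture
}
tracert www.msn.com

# tshark exits on its own when -a duration: elapses. Wait for that, and only
# kill it if it overruns, so the capture file is normally closed cleanly.
if (-not $Proc.WaitForExit(($Duration + 15) * 1000)) {
    Write-Warning 'tshark did not stop on its own; terminating it'
    Stop-Process -Id $Proc.Id
}
Write-Host "Capture saved to $PcapFile"
```

Two practical notes. Capturing requires the Npcap/WinPcap driver and usually an elevated prompt, so run the script from an administrator PowerShell. And because the capture covers every interface for five minutes, the file will contain whatever else the laptop did in that window (other users' traffic, cleartext sessions), so treat the pcapng as sensitive when the remote user sends it back.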