Analysing libpcap capture files automatically/CLI
Hi,
I've been coming here many times looking for answers, and it's proven to be a really useful source of information. Now I have a question of my own which I'm hoping you guys have some ideas about :) Really, what I want to do is to capture network traffic continuously so that I keep a day or so of traffic which can be analysed manually. In addition to this, I may be looking for something in particular, i.e. I want to find SIP packages containing a specific header value or something else. Basically, what I would normally use as a display filter in Wireshark I want to be able to do from the command line, to see if the filter shows zero or more packages. A bonus would be if I could get a text representation of the packages that are matched, but that should not be needed. Any ideas? BR Göran
Hi,
I found that tshark can do what I need. It supports display filters with the -R flag, as in the example below.
tshark -R 'http.proxy_connect_host == "id.google.com"' -r /tmp/sample.pcap
End result in case someone is interested.
Code:
#!/bin/bash
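As an added example (not Göran's script or anything from the thread), the wrapper below does the same job from Python: the display filter is handed to tshark as one argv element, so a value like "id.google.com" needs no shell-level quoting, the caller gets back the number of matched packets (zero or more), and optionally the full text representation via -V. It assumes tshark is on PATH and that /tmp/sample.pcap is the file to check.

```python
"""Check a libpcap capture against a Wireshark display filter from the CLI.

Added example, not code from the original thread. Assumes tshark is on PATH.
"""
import shutil
import subprocess
from typing import List, Union


def build_tshark_argv(pcap: str, display_filter: str, verbose: bool = False) -> List[str]:
    """Build the tshark command as an argv list.

    -Y applies a display filter in a single pass (older tshark used -R for
    this; newer releases require -2 together with -R).  Passing the filter
    as one list element sidesteps the nested-double-quote problem of
    tshark -R "f == "x"" in a shell.  Without -V, one frame number per
    matched packet is printed, which makes counting trivial.
    """
    argv = ["tshark", "-r", pcap, "-Y", display_filter]
    if verbose:
        argv.append("-V")  # full protocol tree of every matched packet
    else:
        argv += ["-T", "fields", "-e", "frame.number"]
    return argv


def count_matches(fields_output: str) -> int:
    """Count matched packets in `-T fields -e frame.number` output."""
    return sum(1 for line in fields_output.splitlines() if line.strip())


def filter_pcap(pcap: str, display_filter: str, verbose: bool = False) -> Union[int, str]:
    """Return the match count, or the -V text dump when verbose=True."""
    if shutil.which("tshark") is None:
        raise FileNotFoundError("tshark not found on PATH")
    proc = subprocess.run(
        build_tshark_argv(pcap, display_filter, verbose),
        capture_output=True, text=True, check=True,
    )
    return proc.stdout if verbose else count_matches(proc.stdout)


if __name__ == "__main__":
    # The filter from the thread; the pcap path is a placeholder.
    hits = filter_pcap("/tmp/sample.pcap", 'http.proxy_connect_host == "id.google.com"')
    print(f"{hits} matching packet(s)")
    if hits:
        print(filter_pcap("/tmp/sample.pcap", 'http.proxy_connect_host == "id.google.com"', True))
```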