Raspberry Pi and Wireshark

Building a network capture probe with Raspberry Pi

The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom. The even better news is that you can lower the memory footprint of doing the capture with tshark by using Wireshark’s included packet capture process, dumpcap. In an embedded environment like a Raspberry Pi, this allows you to bypass tshark’s processing and send the resulting capture directly to CloudShark.


Seven Easy Steps
  • Install dumpcap on your Raspberry Pi (it comes as part of the tshark package): sudo apt-get update followed by sudo apt-get install tshark
  • Download our script: wget https://github.com/cloudshark/cloudshark-capture/archive/master.zip and unpack the script. ***
  • Edit the api_token variable at the top and insert your API token (see https://support.cloudshark.org/online/getting-started.html#getting-your-api-key:b6885e1f85551f51a4707c402f8200a3 ). You can also change the prompt variable to y, which makes the script ask you before uploading to CloudShark.
  • If you’re using your own CloudShark system, enter the URL in the cloudshark_url variable. Otherwise leave it as https://www.cloudshark.org/ .
  • Make the script executable: chmod +x cloudshark_capture.sh
  • Run the script and pass it any arguments you would normally pass to dumpcap/tshark. For example, if you want to capture 5 packets on interface eth0: ./cloudshark_capture.sh -i eth0 -c 5
  • Grab the returned URL and paste into your browser!
https://enterprise.cloudshark.org/blog/2016-03-31-packet-capture-raspberry-pi/

That’s all there is to it! You have now turned your Raspberry Pi into a network probe that can capture and upload to CloudShark. (Spoiler Alert: It likely works on other Linux systems too! But don’t take OUR word for it!)
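
The capture-then-upload flow from the steps above, as an added sketch that is not the cloudshark_capture.sh script or any CloudShark code. It assumes the CloudShark v1 upload endpoint and reply shape named in the comments, and it reads the token from a hypothetical 0600 file (~/.cloudshark_token) instead of storing it in the script body.

```bash
#!/bin/bash
# Added sketch, NOT the cloudshark_capture.sh script from the page.
# Assumed: CloudShark v1 upload API (POST /api/v1/<token>/upload, form field
# "file", JSON reply with "id"); token file path below is hypothetical.
cloudshark_url="${CLOUDSHARK_URL:-https://www.cloudshark.org/}"
token_file="${CLOUDSHARK_TOKEN_FILE:-${HOME:-.}/.cloudshark_token}"

# Print the API token; refuse a file that group or other can access.
read_token() {
  local f="$1" perms
  [ -f "$f" ] || { echo "no token file: $f" >&2; return 1; }
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "run: chmod 600 $f" >&2; return 1; }
  tr -d '[:space:]' < "$f"
}

# The token is part of the URL path, so the whole URL is a secret.
upload_url() { printf '%s/api/v1/%s/upload' "${1%/}" "$2"; }

# Extract "id" from the upload reply, e.g. {"filename":"x.pcapng","id":"abc"}.
capture_id() { sed -n 's/.*"id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'; }

view_url() { printf '%s/captures/%s' "${1%/}" "$2"; }

# Arguments are passed straight to dumpcap, as with the page's script.
capture_and_upload() {
  local token pcap resp id
  token=$(read_token "$token_file") || return 1
  pcap=$(mktemp /tmp/capture.XXXXXX) || return 1
  dumpcap "$@" -w "$pcap" || { rm -f "$pcap"; return 1; }
  # Feed the URL to curl on stdin (-K -) so the token is not visible in ps.
  resp=$(printf 'url = "%s"\n' "$(upload_url "$cloudshark_url" "$token")" |
         curl -sS -F "file=@$pcap" -K -)
  rm -f "$pcap"
  id=$(printf '%s\n' "$resp" | capture_id)
  [ -n "$id" ] || { echo "upload failed: $resp" >&2; return 1; }
  view_url "$cloudshark_url" "$id"; echo
}

if [ "$#" -gt 0 ]; then capture_and_upload "$@"; fi
```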

*** Your first stop for uncompressing any file on your Raspberry Pi should be to use Archiver. This lightweight desktop app, also known as Xarchiver, is included with Raspbian and can handle 7-zip, arj, bzip2, gzip, rar, lha, lzma, lzop, deb, rpm, tar, and zip archives. Open it using Menu > Accessories > Archiver.
https://www.raspberrypi.org/magpi/unzip-and-uncompress-files-on-a-raspberry-pi/



Re: Installing Wireshark or similar application
https://www.raspberrypi.org/forums/viewtopic.php?t=122741

STICKY: What Windows 10 for IoT is, and is not!
https://www.raspberrypi.org/forums/viewtopic.php?f=105&t=115197

Wireshark remote monitoring with GUI
https://www.raspberrypi.org/forums/viewtopic.php?t=152867



