Wireshark and Raspberry Pi

Raspberry Pi and Wireshark
Building a network capture probe with Raspberry Pi

The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom. The even better news is that you can lower the memory footprint of doing the capture with tshark by using Wireshark’s included packet capture process, dumpcap. In an embedded environment like a Raspberry Pi, this allows you to bypass tshark’s processing and send the resulting capture directly to CloudShark.


Seven Easy Steps


  • Install dumpcap on your Raspberry Pi (it comes as part of the tshark package): sudo apt-get install tshark
  • sudo apt-get update
  • Download our script: wget https://github.com/cloudshark/cloudshark-capture/archive/master.zip and unpack the script.
  • Edit the api_token variable at the top of the script and insert your API token. You can change the prompt variable to y, which makes the script ask you before uploading to CloudShark.
  • If you’re using your own CloudShark system, enter the URL in the cloudshark_url variable. Otherwise leave it as https://www.cloudshark.org/ .
  • Make the script executable: chmod +x cloudshark_capture.sh
  • Run the script and pass it any arguments you would normally pass to dumpcap/tshark. For example, if you want to capture 5 packets on interface eth0: ./cloudshark_capture.sh -i eth0 -c 5
  • Grab the returned URL and paste into your browser!


That’s all there is to it! You have now turned your Raspberry Pi into a network probe that can capture and upload to CloudShark. (Spoiler Alert: It likely works on other Linux systems too! But don’t take OUR word for it!)
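
A preflight check for the edited script, as an added example that is not part of the original post or of the cloudshark-capture project. It assumes the variables named above are plain shell assignments of the form name="value" and that GNU stat is available; get_var and preflight are hypothetical names. With the usual umask of 022, chmod +x leaves the file holding your API token readable by every local user, which this check flags (chmod 700 avoids it).

```shell
#!/bin/sh
# Added example: sanity-check an edited cloudshark_capture.sh before running it.
# Assumptions: options are assignments like  api_token="..."  and GNU stat exists.

# Print the value assigned to variable $2 in file $1 (first match, quotes stripped).
get_var() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" | head -n 1
}

# Return 0 if the script passes every check, 1 otherwise; findings go to stderr.
preflight() {
    script=$1
    rc=0
    token=$(get_var "$script" api_token)
    url=$(get_var "$script" cloudshark_url)
    ask=$(get_var "$script" prompt)

    # Without a token the upload fails only after the capture has been taken.
    [ -n "$token" ] || { echo "api_token is empty" >&2; rc=1; }

    # The token and the capture are both sent to this URL, so require TLS.
    case $url in
        https://*) ;;
        *) echo "cloudshark_url is not https: $url" >&2; rc=1 ;;
    esac

    # The file contains a credential: group and others should have no access.
    mode=$(stat -c %a "$script")
    case $mode in
        *00) ;;
        *) echo "mode $mode exposes the token to other users" >&2; rc=1 ;;
    esac

    # Advisory only: without the prompt, every capture is uploaded unreviewed.
    [ "$ask" = "y" ] || echo "note: prompt is not y, uploads are not confirmed" >&2

    return $rc
}

# Usage: sh preflight.sh cloudshark_capture.sh
if [ $# -gt 0 ]; then preflight "$1"; fi
```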

https://enterprise.cloudshark.org/blog/2016-03-31-packet-capture-raspberry-pi/
