Curious52 Posted September 13, 2013
I am trying to find a way to use AutoIt to interact with and analyse the Wireshark tool (get some specific data). Can AutoIt do it? If yes, please provide some related links. Thanks for any help.
orbs Posted September 13, 2013
In Wireshark, File > Export, you can export the capture data to a text file, which can later be analyzed by AutoIt. This thread has some more info: http://serverfault.com/questions/150167/how-do-i-convert-wireshark-capture-files-to-text-files
If you mean real-time analysis, then direct the Wireshark stdout stream to be read by AutoIt. I forget how it's done, but it's not hard, search the web for it.
Curious52 Posted September 13, 2013 Author
Yes, I meant real-time analysis and as you suggested I am searching the web. Thanks for helping.
corgano Posted September 13, 2013
StdoutRead in the help file. If that's not what it's called, search for STD in the help file, or start typing it in SciTE and it will give you an autocorrect option for it. The example in the help file should be good enough to get you going. Good luck.
iamtheky Posted September 13, 2013 (edited)
Use tshark to dump logs of desired output. But if it's a large capture you might want to set some artificial limits, unless you want to reach the physical ones. http://www.wireshark.org/docs/man-pages/tshark.html
Maybe a loop with the parameter -c set to something reasonable, that writes a uniquely named file each iteration.
-c <capture packet count>
Set the maximum number of packets to read when capturing live data. If reading a capture file, set the maximum number of packets to read.
Edited September 13, 2013 by boththose
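The two suggestions above (reading tshark's stdout with StdoutRead, and bounding each run with -c while writing a uniquely named file per iteration) combined in one script. This is an added example, not code posted in the thread; the tshark path, the interface index, the field list and the 80/443 port check are assumptions.

```autoit
; Added example, not code from the thread. Assumptions: install path, interface, ports.
#include <AutoItConstants.au3> ; $STDOUT_CHILD (older AutoIt releases: Constants.au3)

Global Const $TSHARK = '"C:\Program Files\Wireshark\tshark.exe"' ; assumed path
Global Const $IFACE = "1"  ; assumed interface index, list them with: tshark -D
Global Const $BATCH = 200  ; packets per run, passed to -c
Global $hLog, $sLog

For $i = 1 To 5 ; five bounded runs, each written to its own file
    $sLog = @ScriptDir & "\cap_" & @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & "_" & $i & ".csv"
    $hLog = FileOpen($sLog, 2) ; 2 = open for writing, erase previous contents
    If $hLog = -1 Then Exit 1
    ConsoleWrite($sLog & ": " & _CaptureBatch($hLog) & " lines" & @CRLF)
    FileClose($hLog)
Next

; Run one bounded tshark capture and return the number of complete lines read.
Func _CaptureBatch($hFile)
    ; -l flushes stdout per packet, -T fields / -e pick columns, -E sets the separator
    Local $sCmd = $TSHARK & " -i " & $IFACE & " -c " & $BATCH & " -l -T fields" & _
            " -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport -E separator=,"
    Local $iPID = Run($sCmd, "", @SW_HIDE, $STDOUT_CHILD)
    If $iPID = 0 Then Return SetError(1, 0, 0) ; tshark not found or not startable

    Local $sBuf = "", $iLines = 0, $iPos
    While 1
        $sBuf &= StdoutRead($iPID)
        If @error Then ExitLoop ; stream closed: tshark reached -c or exited
        ; StdoutRead returns arbitrary chunks, so only complete lines are handled
        $iPos = StringInStr($sBuf, @LF)
        While $iPos
            _HandleLine(StringStripWS(StringLeft($sBuf, $iPos - 1), 3), $hFile)
            $sBuf = StringTrimLeft($sBuf, $iPos)
            $iLines += 1
            $iPos = StringInStr($sBuf, @LF)
        WEnd
        Sleep(50) ; avoid a busy loop while waiting for more packets
    WEnd
    Return $iLines
EndFunc

; Log IP packets and report TCP destination ports other than 80/443 (sample rule).
Func _HandleLine($sLine, $hFile)
    Local $aF = StringSplit($sLine, ",")
    If $aF[0] <> 4 Or $aF[2] = "" Then Return ; non-IP frame or multi-valued field
    FileWriteLine($hFile, $sLine)
    If $aF[4] <> "" And $aF[4] <> "80" And $aF[4] <> "443" Then _
            ConsoleWrite("non-web TCP: " & $aF[2] & " -> " & $aF[3] & ":" & $aF[4] & @CRLF)
EndFunc
```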
Curious52 Posted September 17, 2013 Author
Hi boththose, I did look at your TShark link, it sounds interesting. However, have you tried using AutoIt to dump logs of desired output? By any chance can you provide some related AutoIt code? Thanks for helping.
FireFox Posted September 17, 2013
Hi, Have you tried the Winpcap UDF? Br, FireFox.
Curious52 Posted September 17, 2013 Author
Hi FireFox, I haven't yet, can you provide the related link for using it with AutoIt?
iamtheky Posted September 17, 2013
If you are trying to perform real-time capture and analysis, and then maybe take actions based off what is analyzed, I would allow AutoIt to do only the last part and allow the other tools to do exactly what they are designed for. There was nothing gained by adding AutoIt to the Wireshark+Tshark solution as we had no need to further display or act upon the output once the target traffic was captured. If you could explain what the endgame is, we could perhaps lead you toward the most effective solution.
Curious52 Posted September 17, 2013 Author
Hi FireFox, I couldn't find where I can download Winpcap.au3, by any chance do you know where it is?
iamtheky Posted September 17, 2013 (edited)
points to http://opensource.grisambre.net/pcapau3/
Edited September 17, 2013 by boththose
FireFox Posted September 17, 2013
points to http://opensource.grisambre.net/pcapau3/
Which is the first result in the search link I posted.
Solution Curious52 Posted September 17, 2013 Author
Hi boththose & FireFox, I got the Winpcap.au3 from your link. Many thanks.