Curious52 (posted September 13, 2013):
I am trying to find a way to use AutoIt to interact with and analyse the Wireshark tool (get some specific data). Can AutoIt do it? If yes, please provide some related links. Thanks for any help.
orbs (posted September 13, 2013):
In Wireshark, with File > Export you can export the capture data to a text file, which can later be analyzed by AutoIt. This thread has some more info: http://serverfault.com/questions/150167/how-do-i-convert-wireshark-capture-files-to-text-files
If you mean real-time analysis, then direct the Wireshark stdout stream to be read by AutoIt. I forget how it's done, but it's not hard; search the web for it.
Curious52 (posted September 13, 2013):
Yes, I meant real-time analysis, and as you suggested I am searching the web. Thanks for helping.
corgano (posted September 13, 2013):
StdoutRead in the help file. If that's not what it's called, search for STD in the help file, or start typing it in SciTE and it will give you an autocorrect option for it. The example in the help file should be good enough to get you going. Good luck.
iamtheky (posted September 13, 2013; edited September 13, 2013 by boththose):
Use tshark to dump logs of desired output. But if it's a large capture you might want to set some artificial limits, unless you want to reach the physical ones. http://www.wireshark.org/docs/man-pages/tshark.html
Maybe a loop with the parameter -c set to something reasonable, that writes a uniquely named file each iteration.
-c <capture packet count>
Set the maximum number of packets to read when capturing live data. If reading a capture file, set the maximum number of packets to read.
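Added example, not part of any post in this thread: one way to combine the StdoutRead and tshark -c suggestions above, with tshark doing the capture and field extraction and AutoIt only reading and acting on the result. The tshark install path, interface number, packet and run limits, and output file names are assumptions.

```autoit
#include <Constants.au3> ; $STDOUT_CHILD

; Assumptions: tshark install path and interface number (see "tshark -D").
Global Const $TSHARK = '"C:\Program Files\Wireshark\tshark.exe"'
Global Const $IFACE = "1"
Global Const $PACKETS_PER_RUN = 200 ; tshark -c: stop each run after N packets
Global Const $MAX_RUNS = 5          ; cap on iterations so disk use stays bounded

For $iRun = 1 To $MAX_RUNS
    ; -l flushes stdout per packet; -n skips name resolution;
    ; -T fields -e ... prints only these columns, tab-separated.
    Local $sCmd = $TSHARK & " -i " & $IFACE & " -l -n -c " & $PACKETS_PER_RUN & _
            " -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len"
    Local $iPID = Run($sCmd, "", @SW_HIDE, $STDOUT_CHILD)
    If @error Then Exit MsgBox(16, "tshark", "Could not start: " & $sCmd)

    ; Uniquely named log for this iteration.
    Local $sLog = @ScriptDir & "\cap_" & @YEAR & @MON & @MDAY & "_" & _
            @HOUR & @MIN & @SEC & "_" & $iRun & ".tsv"
    Local $hLog = FileOpen($sLog, 2) ; 2 = write, erase previous contents
    Local $oBytes = ObjCreate("Scripting.Dictionary") ; source IP -> bytes seen
    Local $sBuf = ""

    While 1
        Local $sChunk = StdoutRead($iPID)
        If @error Then ExitLoop ; pipe closed: tshark reached -c or exited
        If $sChunk = "" Then
            Sleep(50) ; nothing new yet, do not spin the CPU
            ContinueLoop
        EndIf
        $sBuf &= $sChunk
        Local $iCut = StringInStr($sBuf, @LF, 0, -1) ; last complete line end
        If $iCut = 0 Then ContinueLoop
        Local $aLines = StringSplit(StringStripCR(StringLeft($sBuf, $iCut - 1)), @LF)
        $sBuf = StringTrimLeft($sBuf, $iCut) ; keep the partial last line
        For $i = 1 To $aLines[0]
            Local $aF = StringSplit($aLines[$i], @TAB)
            If $aF[0] < 4 Then ContinueLoop
            If $aF[2] = "" Then ContinueLoop ; frame without an IPv4 header
            FileWriteLine($hLog, $aLines[$i])
            $oBytes.Item($aF[2]) = $oBytes.Item($aF[2]) + Number($aF[4])
        Next
    WEnd
    FileClose($hLog)

    ; Act on the result: report per-source byte totals for this run.
    For $sIP In $oBytes.Keys
        ConsoleWrite($iRun & " " & $sIP & " " & $oBytes.Item($sIP) & " bytes" & @CRLF)
    Next
Next
```

Only stdout is piped, so tshark's status messages on stderr cannot fill an unread pipe and stall the capture.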
Curious52 (posted September 17, 2013):
Hi boththose, I did look at your TShark link; it sounds interesting. However, have you tried using AutoIt to dump logs of the desired output? By any chance, can you provide some related AutoIt code? Thanks for helping.
FireFox (posted September 17, 2013):
Hi,
Have you tried the Winpcap UDF?
Br, FireFox.
Curious52 (posted September 17, 2013):
Hi FireFox, I haven't yet. Can you provide the related link for using it with AutoIt?
FireFox (posted September 17, 2013):
Sure... http://lmgtfy.com/?q=winpcap+udf
Curious52 (posted September 17, 2013):
Thanks, I will try it, thanks.
iamtheky (posted September 17, 2013):
If you are trying to perform real-time capture and analysis, and then maybe take actions based off what is analyzed, I would allow AutoIt to do only the last part and allow the other tools to do exactly what they are designed for. There was nothing gained by adding AutoIt to the Wireshark+Tshark solution as we had no need to further display or act upon the output once the target traffic was captured. If you could explain what the endgame is, we could perhaps lead you toward the most effective solution.
Curious52 (posted September 17, 2013):
Hi FireFox, I couldn't find where I can download Winpcap.au3. By any chance, do you know where it is?
iamtheky (posted September 17, 2013; edited September 17, 2013 by boththose):
points to http://opensource.grisambre.net/pcapau3/
FireFox (posted September 17, 2013):
points to http://opensource.grisambre.net/pcapau3/
Which is the first result in the search link I posted.
Curious52 (posted September 17, 2013; marked as solution):
Hi boththose & FireFox, I got the Winpcap.au3 from your link. Many thanks.