
Can AutoIt interact with and analyse Wireshark info?


Curious52

In Wireshark, File > Export lets you export the capture data to a text file, which can later be analyzed by AutoIt.

This thread has some more info: http://serverfault.com/questions/150167/how-do-i-convert-wireshark-capture-files-to-text-files

If you mean real-time analysis, then direct the Wireshark stdout stream to be read by AutoIt. I forget how it's done, but it's not hard; search the web for it.


StdoutRead in the help file. If that's not what it's called, search for STD in the help file, or start typing it in SciTE and it will give you an autocorrect option for it. The example in the help file should be good enough to get you going.

Good luck.


Use tshark to dump logs of the desired output. But if it's a large capture you might want to set some artificial limits, unless you want to reach the physical ones.

http://www.wireshark.org/docs/man-pages/tshark.html

Maybe a loop with the parameter -c set to something reasonable, that writes a uniquely named file each iteration.

-c <capture packet count>

Set the maximum number of packets to read when capturing live data. If reading a capture file, set the maximum number of packets to read.

Edited by boththose

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

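The two suggestions above (read tshark's stdout from AutoIt with StdoutRead, and bound each capture with -c so that every iteration writes a uniquely named file) fit together in one script. The following is an added example written for this page; it is not code posted by anyone in the thread. The tshark install path, the interface number, the field list and the batch sizes are assumptions, and the per-port count at the end stands in for whatever analysis you actually want AutoIt to do.

```autoit
; Added example (not from the thread). Drive tshark from AutoIt, drain its
; stdout as it runs, save each bounded capture to its own file, then analyse it.
#include <AutoItConstants.au3>   ; defines $STDOUT_CHILD (older AutoIt: Constants.au3)

Global Const $g_sTshark = '"C:\Program Files\Wireshark\tshark.exe"' ; ASSUMED install path
Global Const $g_iInterface = 1        ; ASSUMED; list interfaces with "tshark -D"
Global Const $g_iPacketsPerFile = 200 ; the -c limit discussed above
Global Const $g_iIterations = 3       ; how many bounded captures to run
Global Const $g_sOutDir = @ScriptDir & "\captures"

DirCreate($g_sOutDir)

For $i = 1 To $g_iIterations
    ; Unique file name per iteration: timestamp plus loop counter.
    Local $sFile = $g_sOutDir & "\cap_" & @YEAR & @MON & @MDAY & "_" & _
            @HOUR & @MIN & @SEC & "_" & $i & ".txt"
    Local $sText = _CaptureBatch($g_iInterface, $g_iPacketsPerFile)
    If @error Then
        ConsoleWrite("tshark could not be started" & @CRLF)
        Exit 1
    EndIf
    FileWrite($sFile, $sText)   ; creates the file; this is the "export to text" step
    _Analyse($sText)
Next

; Run one tshark capture limited to $iCount packets and return all of its output.
; -T fields with a separator gives one machine-parseable line per packet;
; -l flushes after each packet so StdoutRead sees data as it arrives.
Func _CaptureBatch($iIface, $iCount)
    Local $sCmd = $g_sTshark & ' -i ' & $iIface & ' -c ' & $iCount & _
            ' -l -T fields -E separator=, -E header=n' & _
            ' -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport'
    Local $iPID = Run($sCmd, @ScriptDir, @SW_HIDE, $STDOUT_CHILD)
    If $iPID = 0 Then Return SetError(1, 0, "")
    Local $sOut = ""
    While 1
        ; Keep reading: if the pipe is never drained, tshark blocks once the
        ; pipe buffer fills. StdoutRead sets @error when the child has exited
        ; and no data remains.
        $sOut &= StdoutRead($iPID)
        If @error Then ExitLoop
        Sleep(50)
    WEnd
    Return $sOut
EndFunc

; Count destination ports in one batch; this is the "act on the output" part
; that AutoIt is suited for. Field order matches the -e list above:
; 1=frame.time_epoch 2=ip.src 3=ip.dst 4=tcp.dstport 5=udp.dstport
Func _Analyse($sText)
    Local $aLines = StringSplit(StringStripCR($sText), @LF)
    Local $oCounts = ObjCreate("Scripting.Dictionary")
    For $j = 1 To $aLines[0]
        If $aLines[$j] = "" Then ContinueLoop
        Local $aF = StringSplit($aLines[$j], ",")
        If $aF[0] < 5 Then ContinueLoop   ; malformed or truncated line
        Local $sPort = "other"            ; e.g. ARP/ICMP: no L4 port at all
        If $aF[4] <> "" Then
            $sPort = "tcp/" & $aF[4]
        ElseIf $aF[5] <> "" Then
            $sPort = "udp/" & $aF[5]
        EndIf
        If $oCounts.Exists($sPort) Then
            $oCounts.Item($sPort) = $oCounts.Item($sPort) + 1
        Else
            $oCounts.Add($sPort, 1)
        EndIf
    Next
    For $sKey In $oCounts.Keys
        ConsoleWrite($sKey & @TAB & $oCounts.Item($sKey) & @CRLF)
    Next
EndFunc
```

Run it from SciTE or as a compiled script with enough privilege to capture on the chosen interface. If you would rather not have AutoIt start tshark at all, point _Analyse at the contents of a file produced by tshark -r capture.pcapng with the same -T fields options; the parsing is identical because the text format is the same.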

If you are trying to perform real-time capture and analysis, and then maybe take actions based on what is analyzed, I would allow AutoIt to do only the last part and let the other tools do exactly what they are designed for. There was nothing gained by adding AutoIt to the Wireshark+Tshark solution, as we had no need to further display or act upon the output once the target traffic was captured.

If you could explain what the endgame is, we could perhaps lead you toward the most effective solution.
