Python modules for extracting data from pcap files via Wireshark (tshark)

riverbed/steelscript-wireshark

Riverbed SteelScript for Wireshark

This package provides device-specific bindings for interacting with Riverbed Wireshark devices as part of Riverbed SteelScript for Python.

Example Usage

The following example shows how to use pcap_query.py to gain insight into how your HTTP traffic is flowing. pcap_query.py can be found inside the steelscript-workspace/wireshark-examples/ directory.

$ python pcap_query.py my_http_pcap_file.pcap \
  -c "http.request.uri,http.request.method,http.response.code,http.server,http.prev_request_in,http.time"

returns:

http.request.uri  http.request.method  http.response.code  http.server    http.prev_request_in  http.time
/                 GET                  None                None           None                  None
None              None                 200                 Apache/2.2.14  None                  0.080266
/favicon.ico      GET                  None                None           5                     None
None              None                 404                 Apache/2.2.14  5                     0.041042
/bhratach         GET                  None                None           9                     None
None              None                 301                 Apache/2.2.14  9                     0.000346
/bhratach/        GET                  None                None           13                    None
None              None                 200                 Apache/2.2.14  13                    0.066848
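
The following is an added example, not part of the SteelScript project: it post-processes the table above into a short triage summary (status codes, client errors, exposed server banners, slowest response). It assumes the output is whitespace-separated with the literal None for absent fields, as shown above; parse_rows and summarize are hypothetical helper names.

```python
from collections import Counter

# Output rows copied from the README example above (header line first).
SAMPLE = """\
http.request.uri http.request.method http.response.code http.server http.prev_request_in http.time
/ GET None None None None
None None 200 Apache/2.2.14 None 0.080266
/favicon.ico GET None None 5 None
None None 404 Apache/2.2.14 5 0.041042
/bhratach GET None None 9 None
None None 301 Apache/2.2.14 9 0.000346
/bhratach/ GET None None 13 None
None None 200 Apache/2.2.14 13 0.066848
"""

def parse_rows(text):
    """Turn the whitespace-separated table into dicts; the literal 'None' becomes None."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    rows = []
    for ln in lines[1:]:
        cells = ln.split()
        if len(cells) != len(header):
            continue  # assumption: a value containing spaces cannot be split safely, so skip it
        rows.append({k: (None if v == "None" else v) for k, v in zip(header, cells)})
    return rows

def summarize(rows):
    """Separate request rows from response rows and report what a reviewer checks first."""
    requests = [r for r in rows if r["http.request.method"]]
    responses = [r for r in rows if r["http.response.code"]]
    timed = [r for r in responses if r["http.time"]]
    slowest = max(timed, key=lambda r: float(r["http.time"]), default=None)
    return {
        "requested_uris": [r["http.request.uri"] for r in requests],
        "status_counts": Counter(int(r["http.response.code"]) for r in responses),
        "client_errors": sum(1 for r in responses if r["http.response.code"].startswith("4")),
        # A Server header carrying a version string is worth noting during review.
        "server_banners": sorted({r["http.server"] for r in responses if r["http.server"]}),
        "slowest_response_s": float(slowest["http.time"]) if slowest else None,
    }

if __name__ == "__main__":
    for key, value in summarize(parse_rows(SAMPLE)).items():
        print(f"{key}: {value}")
```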

License

Copyright (c) 2019-2024 Riverbed Technology, Inc.

SteelScript-Wireshark is licensed under the terms and conditions of the MIT License accompanying the software ("License"). SteelScript-Wireshark is distributed "AS IS" as set forth in the License.
