how to programmatically obtain a list of "caught" packets using wireshark?

asked Feb 15 '0

varvara

I am a 2nd-year student. I am writing course work and I need to use Wireshark programmatically (I mean write code) to get a list of all IoT devices in the environment. How to programmatically distinguish typical devices from other unknowns? Can this be done in Python or only in C++? Are there any examples of solutions to such problems? Now I have built the Wireshark-3.2.1 project in Cline. I have a Kubuntu 18.04 operating system. I don't know how to start, please give me some advice.


1 Answer


answered Feb 15 '0

Jaap

First question would be: based on what are you going to distinguish the IoT devices from others on the network? After that it's a matter of scripting or postprocessing (probably) tshark output in Python.


Comments

I don’t know yet how I will do it. I want to figure out what the typical IoT packages look like. And come up with some rules to distinguish them.

varvara ( Feb 15 '0 )

And how will you capture the IoT traffic? If on a switched network you'll need to capture on the switch, or by spanning a port on it. If on a WiFi network, can your capture hardware see all the channels and modulation schemes in use? What happens if the traffic is encrypted, e.g. TLS?

Maybe you should be looking at something like nmap to actively scan for devices, rather than hoping to capture random traffic and interpret it.

grahamb ( Feb 15 '0 )

I want to get this list using Wireshark. And those packets that are encrypted or not defined, I will put off in a separate list.

varvara ( Feb 15 '0 )
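The approach discussed in this thread (postprocess tshark output in Python, keep encrypted or undefined traffic in a separate list), shown as an added example that is not code from any poster or from the Wireshark project. The capture file name, the sample rows and the `IOT_HINTS` rule set are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumed export command (real tshark options, hypothetical file name):
#   tshark -r capture.pcapng -T fields -e eth.src -e ip.src -e _ws.col.Protocol
# Constructed sample of that tab-separated output, embedded to run offline.
SAMPLE = (
    "aa:bb:cc:00:00:01\t192.168.1.20\tMQTT\n"
    "aa:bb:cc:00:00:01\t192.168.1.20\tTCP\n"
    "aa:bb:cc:00:00:02\t192.168.1.21\tTLSv1.2\n"
    "aa:bb:cc:00:00:02\t192.168.1.21\tTCP\n"
    "aa:bb:cc:00:00:03\t192.168.1.22\tHTTP\n"
    "aa:bb:cc:00:00:04\t192.168.1.23\tCoAP\n"
    "aa:bb:cc:00:00:05\t\tARP\n"
)

# Illustrative rule set (an assumption, not a Wireshark feature).
IOT_HINTS = {"MQTT", "CoAP", "MDNS", "SSDP"}
TRANSPORT = {"TCP", "UDP", "ARP"}  # carry no application-level hint

def load_devices(text):
    """Group tshark field rows by source MAC -> {'ips': set, 'protos': set}."""
    devices = defaultdict(lambda: {"ips": set(), "protos": set()})
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) != 3 or not row[0]:
            continue  # skip malformed rows and frames without an Ethernet source
        mac, ip, proto = (field.strip() for field in row)
        # tshark joins multiple occurrences of a field with ","
        devices[mac]["ips"].update(filter(None, ip.split(",")))
        devices[mac]["protos"].add(proto)
    return dict(devices)

def classify(devices):
    """Split devices into likely-IoT, encrypted-only and unknown lists."""
    result = {"iot": [], "encrypted": [], "unknown": []}
    for mac, info in sorted(devices.items()):
        app = info["protos"] - TRANSPORT
        if app & IOT_HINTS:
            result["iot"].append(mac)
        elif app and all(p.startswith(("TLS", "SSL")) for p in app):
            result["encrypted"].append(mac)
        else:
            result["unknown"].append(mac)
    return result

if __name__ == "__main__":
    for label, macs in classify(load_devices(SAMPLE)).items():
        print(label, macs)
```
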


Stats

Asked: Feb 15 '0

Seen: 324 times

Last updated: Feb 15 '20