Ask Your Question
0

how to programmatically obtain a list of "caught" packets using wireshark?

asked 2020-02-15 11:12:48 +0000

varvara gravatar image

I am a 2nd-year student. I am writing course work and I need to use programmatically(I mean write code) Wireshark to get a list of all IoT devices in the environment. How to programmatically distinguish typical devices from other unknowns? Can this be done in python or only in c ++ ?. Are there any examples of solutions to such problems? Now I have built the Wireshark-3.2.1 project in Cline. I have a Kubuntu18.04 operating system. I don't know how to start, please give me an advice.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2020-02-15 16:50:53 +0000

Jaap gravatar image

First question would be: based on what are you going to distinguish the IoT devices from others on the network? After that its a matter of scripting or postprocessing (probably) tshark output in Python.

edit flag offensive delete link more

Comments

I don’t know yet how I will do it. I want to figure out what the typical IoT packages look like. And come up with some rules to distinguish them.

varvara gravatar imagevarvara ( 2020-02-15 17:39:20 +0000 )edit

And how will you capture the IoT traffic? If on a switched network you'll need to capture on the switch, or by spanning a port on it. If on a WiFi network, can your capture hardware see all the channels and modulation schemes in use? What happens if the traffic is encrypted, e.g. TLS?

Maybe you should be looking at something like nmap to actively scan for devices, rather than hoping to capture random traffic and interpret it.

grahamb gravatar imagegrahamb ( 2020-02-15 18:15:36 +0000 )edit

I want to get this list using Wireshark. And those packets that are encrypted or not defined, I will put off in a separate list.

varvara gravatar imagevarvara ( 2020-02-15 18:38:58 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-02-15 11:12:48 +0000

Seen: 283 times

Last updated: Feb 15 '20

Related questions

How to capture USB packets please?

Capture incoming packets from remote web server

Capture on WiFi works for all but device I'm interested in

Network interface switches

Build failure: 3.0.3 on Ubuntu 18.04

How to convert TcpDump output to Pcap

HOW do I use this? What can it do? How do I read/make sense of its output?

How to find the make and model of a local router? [closed]

ssl certificats and loopback networks how am i connected?

how to decrypt TLS v1.2 Diffie-Hellman

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2