Does Clicking the "Stop Capturing Packets" Button return a value or modify a file?
I have a bash script that creates FIFO pipes, opens Wireshark, and runs up to three ubertooth-btle commands based on the number of Uberteeth plugged into my computer at runtime. Ubertooth is a BLE USB packet sniffer.
When I'm done capturing packets in WS and I click the red square, is there something my bash script can poll for to know that I have clicked the button (system call, return value)? I would use this info to kill the PIDs of each ubertooth-btle process so I don't have to.
I don't want to stop packet capture after x seconds, or bytes/number of packets found...YET. If I have no other choice I will, but that is plan B.
Is there a better way of achieving what I'm trying to do?
Have you looked to see if Wireshark kicks off a child process (like dumpcap) to do the capture? If so you could do the cleanup based on the child not running any more.
@bubbasnmp no, I haven't, but that sounds like a great place to start. Thank you. If this did happen, would I use ps or jobs to get the PID of the child process? I have a vague idea of what you mean by "cleanup"; can you elaborate on what that entails?
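The child-process approach suggested above, as an added sketch that is not part of the original thread: poll for a dumpcap child of Wireshark, wait for it to exit, then stop the sniffers. The function names and the script layout in the comments are hypothetical, and it assumes Wireshark runs the capture in a dumpcap child that exits when the capture stops and that the sniffers were started in the background by the same script.

```bash
# Added example: functions only; nothing runs until you call them.
POLL_INTERVAL=${POLL_INTERVAL:-1}   # seconds between checks

# True while PID $1 is a live process. A zombie still answers kill -0,
# so on Linux state "Z" in /proc/<pid>/stat is treated as exited.
is_running() {
    kill -0 "$1" 2>/dev/null || return 1
    [ -r "/proc/$1/stat" ] || return 0
    { read -r stat_line < "/proc/$1/stat"; } 2>/dev/null || return 1
    rest=${stat_line##*) }          # drop "pid (comm) "
    state=${rest%% *}
    [ "$state" != Z ]
}

# Block until PID $1 has exited.
wait_for_exit() {
    while is_running "$1"; do sleep "$POLL_INTERVAL"; done
}

# $1 = Wireshark PID. Wait for a dumpcap child to appear, then for it
# to exit. Returns 1 if Wireshark itself exits before a capture starts.
# Assumption: any dumpcap child of Wireshark is the capture process.
wait_for_capture_stop() {
    cap_pid=
    while [ -z "$cap_pid" ]; do
        is_running "$1" || return 1
        cap_pid=$(pgrep -P "$1" -x dumpcap | head -n 1)
        [ -n "$cap_pid" ] || sleep "$POLL_INTERVAL"
    done
    wait_for_exit "$cap_pid"
}

# Send SIGTERM to every sniffer PID given, then reap the ones that are
# children of this shell so they do not linger as zombies.
stop_sniffers() {
    for pid in "$@"; do kill -TERM "$pid" 2>/dev/null || true; done
    for pid in "$@"; do wait "$pid" 2>/dev/null || true; done
}

# Hypothetical use in the capture script:
#   ubertooth-btle ... & sniffers="$sniffers $!"     (once per device)
#   wireshark ... & ws_pid=$!
#   wait_for_capture_stop "$ws_pid"; stop_sniffers $sniffers
```

Because the sniffers are background jobs of the script, `$!` already gives their PIDs; `pgrep -P` is only needed for dumpcap, which is Wireshark's child rather than the script's.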
If your ubertooth-btle devices are generating pcap data you should look into Wireshark's extcap support that allows Wireshark to use external capture utilities as "interfaces" that can then start and stop captures under the control of the Wireshark application.
Or even look in the ubertooth distribution for their extcap interface file. Note this file is quite old, so it might need some updates to track the current extcap interface.
Adding Ubertooth support to Wireshark was actually the inspiration for extcap.
Fascinating. Thanks for the info, I'll look into what you, @grahamb and @bubbasnmp, have provided and report back. Thanks.