This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

WireShark sending data to HTTP destinations

0

Hello. Does anyone happen to know if WireShark is capable of sending data it finds to HTTP destinations?

asked 09 Oct '12, 13:01

InfusionDev20
accept rate: 0%

What do you mean exactly by "sending data to HTTP destinations" (by using an HTTP POST request)?

What kind of data? Packets in pcap format? Payload bytes (which encoding)?

(09 Oct '12, 14:30) Kurt Knochner ♦

It's more: is it possible, as WireShark is capturing the data, to send the results to an HTTP server as it's being captured in real time?

(10 Oct '12, 06:18) InfusionDev20

O.K. how do you want to send the data to the HTTP server? My question has a certain intention. I might have an idea how to do it, if you tell me how you want to send the data ;-)

(10 Oct '12, 06:35) Kurt Knochner ♦

In a perfect world if it can be sent from WireShark itself that would be great. Someone else said they heard it was possible for WireShark to send data it finds to HTTP destinations, so I'm just trying to find out if such a thing is possible from within WireShark.

(10 Oct '12, 06:40) InfusionDev20

3 Answers:

0

Wireshark is a protocol analyser and as such does not generate traffic. The output of Wireshark analysis can be saved or exported in various formats to the file system but not to an HTTP server.

answered 09 Oct '12, 14:05

grahamb ♦
accept rate: 22%

0

Wireshark? No. Tshark, maybe. You could try to hook it up to curl. Or go all out with CloudShark.

answered 09 Oct '12, 14:09

Jaap ♦
accept rate: 14%

Would something like CloudShark allow you to upload the data to an HTTP server let's say? And it looks like it's just a software based add-on to WireShark?

(09 Oct '12, 14:18) InfusionDev20

0

Someone else said they heard it was possible for WireShark to send data it finds to HTTP destinations, so I'm just trying to find out if such a thing is possible from within WireShark.

O.K. here is my suggestion:

You can create a Lua Listener and collect whatever data you want. Then use LuaSocket to send the data via SMTP, HTTP POST, FTP to another server. LuaSocket needs to be installed separately on Windows, as Wireshark does not provide that.

However on the receiving server you need something (an application) that is able to accept and process that data. There is no standard solution available that works out of the box, but it is doable with reasonable effort.

Regards
Kurt

answered 10 Oct '12, 07:15

Kurt Knochner ♦
accept rate: 15%

So WireShark itself has no capabilities to send such data without the help of corresponding code, correct? In this case, writing a Lua Listener to collect that data and having a Lua Socket on the other end to receive it.

(10 Oct '12, 07:24) InfusionDev20

As mentioned by others, Wireshark has no "ready-to-use" builtin capability to do that. However, as Lua is also a builtin feature, Wireshark will have that capability if you write some code to do it ;-))

And yes, you could also have a LuaSocket at the other end to receive the data, but that's not necessary, as you can send the data to a regular FTP server or HTTP server (POST request) with Lua from Wireshark.

(10 Oct '12, 07:25) Kurt Knochner ♦
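
A sketch of the Lua Listener plus LuaSocket approach suggested in the last answer, added here as an example and not code posted by anyone in the thread. The collector URL, batch size, file name and the choice of fields are assumptions, and LuaSocket must be installed where Wireshark's Lua interpreter can load it.

```lua
-- Added example. Run with:  tshark -i <iface> -X lua_script:post_tap.lua
-- post_tap.lua, COLLECTOR_URL and BATCH_SIZE are hypothetical names/values.
local http  = require("socket.http")   -- LuaSocket, installed separately
local ltn12 = require("ltn12")

local COLLECTOR_URL = "http://127.0.0.1:8080/ingest"  -- hypothetical receiver
local BATCH_SIZE    = 50
http.TIMEOUT = 2  -- seconds; the POST blocks the tap, so keep it short

-- Field extractors must be created before the listener is registered.
local f_host = Field.new("http.host")
local f_uri  = Field.new("http.request.uri")
local batch  = {}

-- Minimal JSON string escaping for the values collected below.
local function jstr(v)
    local s = tostring(v or "")
    s = s:gsub('[%c"\\]', function(c) return string.format("\\u%04x", c:byte()) end)
    return '"' .. s .. '"'
end

-- Send the buffered records as one JSON array in a single POST.
local function flush()
    if #batch == 0 then return end
    local body = "[" .. table.concat(batch, ",") .. "]"
    batch = {}
    local ok, code = http.request{
        url = COLLECTOR_URL, method = "POST",
        headers = { ["Content-Type"]   = "application/json",
                    ["Content-Length"] = tostring(#body) },
        source = ltn12.source.string(body),
        sink   = ltn12.sink.null(),
    }
    if not ok or code ~= 200 then print("collector POST failed: " .. tostring(code)) end
end

-- Exclude the tap's own POSTs so they are not captured and forwarded again.
local tap = Listener.new("frame",
    "http.request && !(ip.dst == 127.0.0.1 && tcp.dstport == 8080)")

function tap.packet(pinfo, tvb)
    local host, uri = f_host(), f_uri()
    batch[#batch + 1] = string.format(
        '{"frame":%d,"src":%s,"dst":%s,"host":%s,"uri":%s}',
        pinfo.number, jstr(pinfo.src), jstr(pinfo.dst),
        jstr(host and host.value), jstr(uri and uri.value))
    if #batch >= BATCH_SIZE then flush() end
end

function tap.draw()  flush()    end  -- on redraw and at the end of a tshark run
function tap.reset() batch = {} end
```

LuaSocket's `socket.http` speaks plain HTTP only, so the forwarded capture data crosses the network unencrypted unless the collector is local; LuaSec's `ssl.https` module offers the same `request` call over TLS.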