Sunday, June 2, 2013

Raspberry Pi Packet Sniffer Install

Packet sniffing is a method of capturing the data flowing over a network interface. The captured packets can be dumped to a file or filtered. You can even do some nifty things, like rebuilding the data into a human-readable (or audible) form... for example, I've used packet sniffers to rebuild the audio stream of a VOIP phone call, for automated testing purposes (testing VOIP quality).

The most useful packet sniffer I've found is Wireshark. Wireshark, though, runs in a GUI, which limits automation. However, Wireshark also comes with a command-line version called tshark.

To install tshark on a Raspberry Pi, you simply run:
sudo apt-get install iw tshark

Using tshark:
If you just type sudo tshark, it will capture packets on your default network interface (eth0) and print them to the screen.

You can write the capture to a file with the -w parameter. You can also set a capture duration, and apply other useful filters (e.g. only capture packets from SIP sources).

Why use a Raspberry Pi with tshark?
The Raspberry Pi is the cheapest Linux box I can find. It's a nice way to run something easily that can be used in a testing framework. Since I do a lot of VOIP tests, tshark is very useful, and I can drop a Raspberry Pi into the testing for a very low cost.

I did find some problems, though...

When SSH'd into the Raspberry Pi and running tshark, I was disconnected at times - apparently from too much data coming through and blowing my connection.

Perhaps outputting to a file would resolve that.
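Added here as an example (not code from the original post): the file-output, duration and SIP-filter options mentioned above, plus a capture filter that leaves out the SSH session's own traffic, which is the usual cause of the disconnects described. It assumes tshark is installed as shown, the interface is eth0, and SIP signalling runs on UDP port 5060.

```shell
#!/bin/sh
# Added example (not from the original post): tshark invocations for the
# Raspberry Pi setup described above. Assumptions: tshark installed via apt
# as shown, capture interface eth0, SIP signalling on UDP port 5060.

# Build a capture command that writes packets to a pcap file (-w) instead of
# the terminal, stops itself after N seconds (-a duration:N) and stays quiet
# on stdout (-q). The default BPF capture filter (-f) drops the SSH session's
# own packets, so the capture does not balloon with the traffic that is
# carrying it back to your terminal.
build_capture_cmd() {
    iface="$1"                      # e.g. eth0
    outfile="$2"                    # pcap file to write
    seconds="$3"                    # stop after this many seconds
    bpf="${4:-not tcp port 22}"     # capture filter; pass "udp port 5060" for SIP only
    printf 'tshark -i %s -w %s -a duration:%s -q -f "%s"\n' \
        "$iface" "$outfile" "$seconds" "$bpf"
}

# Build the read-back command: open the saved pcap (-r), keep only SIP via a
# display filter (-Y sip) and print one line per message with the fields a
# VOIP test harness would grep for (time, source IP, request method, status).
sip_summary_cmd() {
    printf 'tshark -r %s -Y sip -T fields -e frame.time -e ip.src -e sip.Method -e sip.Status-Code\n' "$1"
}

# Run both steps for real only when asked, and only if tshark is present:
#   sudo sh capture_sip.sh --run
if [ "${1:-}" = "--run" ] && command -v tshark >/dev/null 2>&1; then
    out=/tmp/sip-$(date +%s).pcap
    # Capture SIP signalling only, for 60 seconds, without touching the terminal.
    eval "$(build_capture_cmd eth0 "$out" 60 'udp port 5060')"
    # Then summarise what was captured from the file, not from the live link.
    eval "$(sip_summary_cmd "$out")"
fi
```

Running it over SSH keeps the terminal idle during the capture, since tshark writes to the file and only the short summary is printed afterwards.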
