Using Wireshark Command Line Tools & Scripting

Speaker: Sake Blok

Abstract

In this session, Sake takes you on a tour of all the Wireshark command-line tools. He will show you how to use dumpcap to capture packets for months, use editcap to split and alter trace files, use mergecap to merge capture files into one file, use capinfos for quick info on trace files and, of course, use tshark to generate custom output and some handy statistics. To take things one step further, Sake will show you how to integrate the Wireshark CLI tools with some standard CLI commands to create magical results that can't be created with the Wireshark GUI.

Slides: PDF

Biography

Sake Blok, a Wireshark/Ethereal devotee since 1999, is the founder of SYN-bit in the Netherlands. His company focusses on troubleshooting Application Delivery Networks. He also trains customers to enable them to solve their own networking issues. In 2006, Sake started to add code to Wireshark for the functionality he was missing. He also started to fix Wireshark bugs that were reported on Bugzilla. This work on Wireshark resulted in an invitation from Gerald Combs to join the Core Development Team, which he joined in 2007.

Autumn 2015

2023-05-27
 
Vereniging NLUUG
info@nluug.nl
P.O. Box 8189
6710 AD Ede