Windows support for live capture #2

Open
wino45 opened this issue Jul 6, 2017 · 8 comments
@wino45

wino45 commented Jul 6, 2017

https://wiki.wireshark.org/CaptureSetup/Pipes

Maybe this mechanism could make this project work in real time and on MS Windows. Anyway, I saw this work for the nRF Sniffer.
https://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF-Sniffer

@spacehuhn
Owner

spacehuhn commented Jul 7, 2017

That nRF thing has its own software and firmware.

Sure, you can pipe things to Wireshark on Windows too. Still leaves the question of how to read from serial into a file. I'm sure it's possible on Windows. You can port it if you want. I just don't have any intentions to do so at the moment.

@spacehuhn spacehuhn changed the title Maybe named pipes? Windows support for live capture Jul 7, 2017
@spacehuhn
Owner

Sorry didn't mean to close this issue.

@spacehuhn spacehuhn reopened this Jul 7, 2017
@wino45
Author

wino45 commented Jul 7, 2017

The nRF Sniffer is not using any files, it is not needed. When a packet arrives it is sent over UART to the PC (some kind of simple serialization is used - named SLIP, while it is not SLIP... ). The Python script running on the PC is deserializing a captured packet and pushes it to a named pipe.
Wireshark is configured to read from the named pipe. So you have realtime sniffing. If you want to have a file you need to save it from Wireshark.

@SensorsIot

I think this is a cool project (I am working on a similar one to detect MAC addresses in the proximity to control things).
I tried your sketch on an ESP32 and it worked quite well. But unfortunately, I got the message "Data [ Packet size limited during capture]" and did not find any MAC addresses in Wireshark.

@spacehuhn
Owner

@SensorsIot you might want to open a new issue for this. I had the same error one or two times.

@wgaylord

wgaylord commented Nov 7, 2019

Could have Python write to Wireshark's stdin itself instead of using a file as a middle man. (Using subprocess.communicate)

@ankur608

ankur608 commented Oct 6, 2020

Update*
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True, preexec_fn=os.setsid)
By excluding the preexec_fn, I was finally able to successfully stream the serial port in Windows 10.

p = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)

@emaayan

emaayan commented Jun 4, 2023

@spacehuhn I'm guessing you know by now already, but just in case anyone missed it:
you can have Windows support using named pipes, then you don't even need a file anymore.
Wireshark can also use named pipes as a source, and you can use them in Python as well.
Head on here for the "official" page on Wireshark on this: https://wiki.wireshark.org/CaptureSetup/Pipes
Additionally, someone made a gist https://gist.github.com/ouoam/3462e73fcfc36d063ecd8f9a5ac77f12 with these changes.

His gist also has a fix for the malformed packet:
https://gist.github.com/ouoam/3462e73fcfc36d063ecd8f9a5ac77f12#file-esp32_pcap_serial-ino-L57

I also have some ideas how to improve this using tcmenu for filtering packets.
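
An added example, not code from this project, the gist, or any commenter: the pcap framing that a serial-to-pipe script has to produce for a live reader, together with a reader-side parse that flags records whose captured length is shorter than the original length. The function names, the 2500-byte snaplen and link type 105 (raw 802.11 without radiotap) are assumptions, and an in-memory buffer stands in for the named pipe or Wireshark's stdin.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic pcap, little-endian, microsecond timestamps
LINKTYPE_IEEE802_11 = 105  # assumption: raw 802.11 frames without radiotap

def global_header(snaplen, linktype=LINKTYPE_IEEE802_11):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type: 24 bytes
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def record(frame, ts_sec, ts_usec, snaplen):
    # incl_len counts the bytes that follow, orig_len the frame as received;
    # a reader relies on incl_len to find the next record header.
    kept = frame[:snaplen]
    return struct.pack("<IIII", ts_sec, ts_usec, len(kept), len(frame)) + kept

def stream_frames(frames, out, snaplen=2500):
    """Write (ts_sec, ts_usec, frame) tuples to a binary stream as live pcap."""
    out.write(global_header(snaplen))
    for ts_sec, ts_usec, frame in frames:
        out.write(record(frame, ts_sec, ts_usec, snaplen))
        out.flush()  # flush per packet so a live reader is not left waiting

def parse_pcap(data):
    """Reader-side check: return (linktype, [(ts_sec, ts_usec, bytes, truncated)])."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap stream")
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack_from("<IIII", data, off)
        off += 16
        if incl > snaplen or off + incl > len(data):
            raise ValueError("record length field does not match the stream")
        records.append((ts_sec, ts_usec, data[off:off + incl], incl < orig))
        off += incl
    return linktype, records

def demo():
    # Constructed sample frames: a short management-style frame and an oversized one.
    frames = [(1, 0, b"\x80\x00" + bytes(22)), (1, 500, b"\x08\x00" + bytes(2998))]
    buf = io.BytesIO()  # stands in for the named pipe or Wireshark's stdin
    stream_frames(frames, buf, snaplen=2500)
    return parse_pcap(buf.getvalue())

if __name__ == "__main__":
    linktype, records = demo()
    for ts_sec, ts_usec, payload, truncated in records:
        print(ts_sec, ts_usec, len(payload), "truncated" if truncated else "complete")
```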
