Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Pcap wireshark and cloudshark on iPad or Raspberry Pi  (Read 194 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6385
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Pcap wireshark and cloudshark on iPad or Raspberry Pi
« on: July 03, 2018, 03:53:01 PM »

Looking back I see that I asked about PCAP / Wireshark file analysis back in 2015, then forgot all about it, because I asked the same question in 2017, usual drug-powered amnesia I suspect.

In those earlier threads I got a tip in an earlier thread about using the cloudshark service for analysing PCAP files. I wanted to either upload a traffic capture file to to a web server for analysis into some friendly format or do so on an iPad, as I don't have a windows or linux pc to run tools locally on.

The cloudshark service is demanding a lot of money from me so I chose not to try that, as it is quite bit of money to even find out if it is useful.

I have tried a couple of apps for the iPad: iPcap and MooseNet but both were completely useless. The “iPcap” app just crashes the moment you click on an entry in the display. The “MooseNet” app seems to be broken in that it does not display IP and TCP properly, as crucial fields are missing. Easy one, where are the IP addresses? It has some filtering capabilities but just seems to be in a real state.

I thought about the Raspberry Pi though.

Question:
1. could I analyse a PCACP file using a Pi running Ubuntu using only a cli?
2. What is the easiest way of transferring a file to a raspberry pi from an iPad?

The PCAP files are being generated by the Andrews and Arnold clueless server’s ‘traffic dump’ facility in the first place, so I had though about just downloading the pcap file onto the raspberry pi using curl, but I will never work out the curl command line parameters as I would have to get it to log in as me too, work out what the URL is and so on. In any case, this is not as good an idea.

I also wondered, getting really crazy, if Lynx could be used on the Pi to do initiate PCAP download?
« Last Edit: July 03, 2018, 04:06:15 PM by Weaver »
Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6385
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: Pcap wireshark and cloudshark on iPad or Raspberry Pi
« Reply #1 on: July 03, 2018, 05:43:55 PM »

I managed to download the file I wanted using Lynx - madness. Have not worked out how to do iPad file transfer yet.

I installed wireshark but this turned out to be a waste of time because I suspect it needs X-Windows, so I installed shark instead and that works.

The output of tshark -r is not very friendly or usable though.
Logged
 

anything