We were pretty excited when the developers at OpenWRT decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi.
The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom. The even better news is that you can lower the memory footprint of doing the capture with tshark by using Wireshark’s included packet capture process, dumpcap. In an embedded environment like a Raspberry Pi, this allows you to bypass tshark’s processing and send the resulting capture directly to CloudShark.
Seven Easy Steps
1. Install dumpcap on your Raspberry Pi (it comes as part of the tshark package):

    sudo apt-get install tshark

2. Download our script and unpack it:

    wget https://github.com/cloudshark/cloudshark-capture/archive/master.zip

3. Edit the api_token variable up at the top and insert your API token. You can change the prompt variable to y, which will let the script ask you before uploading to CloudShark.

4. If you’re using your own CloudShark system, enter the URL in the cloudshark_url variable. Otherwise leave it as https://www.cloudshark.org/.

5. Make the script executable:

    chmod +x cloudshark_capture.sh

6. Run the script and pass it any arguments you would normally pass to dumpcap/tshark. For example, if you want to capture 5 packets on interface eth0:

    ./cloudshark_capture.sh -i eth0 -c 5

7. Grab the returned URL and paste it into your browser!
That’s all there is to it! You have now turned your Raspberry Pi into a network probe that can capture and upload to CloudShark. (Spoiler Alert: It likely works on other Linux systems too! But don’t take OUR word for it!)
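As an added example (not CloudShark's cloudshark_capture.sh and not code from this page), the sketch below shows the capture-then-upload flow the steps describe, with dumpcap writing to an owner-only temporary file that curl then posts over HTTPS. The CLOUDSHARK_TOKEN and CLOUDSHARK_URL environment variables, the /api/v1/<token>/upload path and the id field in the JSON reply are assumptions; check them against your CloudShark API documentation.

```shell
#!/bin/sh
# Added example: capture with dumpcap, then upload the file to CloudShark.
# Assumed, not from the page: the CLOUDSHARK_TOKEN / CLOUDSHARK_URL variables,
# the /api/v1/<token>/upload path and the "id" field in its JSON reply.

CLOUDSHARK_URL="${CLOUDSHARK_URL:-https://www.cloudshark.org}"

# Build the upload endpoint; refuse plain http so the token never travels in clear.
upload_endpoint() {
    base="${1%/}"; token="$2"
    case "$base" in https://*) ;; *) return 1 ;; esac
    case "$token" in ''|*[!0-9A-Za-z]*) return 1 ;; esac
    printf '%s/api/v1/%s/upload\n' "$base" "$token"
}

# Turn the JSON reply into a capture URL; reject ids that are not alphanumeric.
capture_url() {
    base="${1%/}"
    id=$(printf '%s' "$2" | sed -n 's/.*"id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    case "$id" in ''|*[!0-9A-Za-z]*) return 1 ;; esac
    printf '%s/captures/%s\n' "$base" "$id"
}

main() {
    umask 077                                  # capture file readable by owner only
    endpoint=$(upload_endpoint "$CLOUDSHARK_URL" "$CLOUDSHARK_TOKEN") || {
        echo "need an https CLOUDSHARK_URL and a CLOUDSHARK_TOKEN" >&2; return 1; }
    pcap=$(mktemp /tmp/probe.XXXXXX) || return 1
    trap 'rm -f "$pcap"' EXIT                  # do not leave captured traffic behind
    trap 'exit 130' INT TERM                   # make Ctrl-C run the EXIT cleanup too
    dumpcap "$@" -w "$pcap" || return 1        # e.g. -i eth0 -c 5
    reply=$(curl --silent --fail -F "file=@$pcap" "$endpoint") || return 1
    capture_url "$CLOUDSHARK_URL" "$reply"
}

# Capture only when arguments are given, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Keeping the token in the environment rather than in the script file means a copy of the script can be shared without leaking the credential.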