We were pretty excited when the developers at OpenWRT decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi.

The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom. The even better news is that you can lower the memory footprint of doing the capture with tshark by using Wireshark’s included packet capture process, dumpcap. In an embedded environment like a Raspberry Pi, this allows you to bypass tshark’s processing and send the resulting capture directly to CloudShark.

Seven Easy Steps

1. Install dumpcap on your Raspberry Pi (it comes as part of the tshark package): sudo apt-get install tshark

2. Download our script: wget https://github.com/cloudshark/cloudshark-capture/archive/master.zip and unpack the script.

3. Edit the api_token variable up at the top and insert your API token. You can change the prompt variable to y which will let the script ask you before uploading to CloudShark.

4. If you’re using your own CloudShark system, enter the URL in the cloudshark_url variable. Otherwise leave it as https://www.cloudshark.org/ .

5. Make the script executable: chmod +x cloudshark_capture.sh

6. Run the script and pass it any arguments you would normally pass to dumpcap/tshark. For example, if you want to capture 5 packets on interface eth0: ./cloudshark_capture.sh -i eth0 -c 5

7. Grab the returned URL and paste into your browser!

That’s all there is to it! You have now turned your Raspberry Pi into a network probe that can capture and upload to CloudShark. (Spoiler Alert: It likely works on other Linux systems too! But don’t take OUR word for it!)