How to analyze packets from tshark in realtime via bash?

packet-analyzer wireshark

I need to analyze the IPSec packages from this command in real time:

sudo tshark -i <My_Interface> -Y '(ip.addr == <My_IP>)'

I need to check whether an isakmp package is sent to set a variable as true. I can't wait until the whole sniffing process is finished to be able to read it from a pcap file!


After some workarounds, we have a solution:

while IFS= read -r line; do if [[ $line =~ 'ISAKMP' ]]; then echo $line; fi; done < <(sudo tshark -i <My_Interface>)

Instead of this simple string 'ISAKMP' we can check anything else. The echo command may be any other command (setting an environment variable, etc.)


You might also want to look into the netsniff-ng package in apt. It is a packet sniffing toolkit specifically built for Linux networks.

It works great for things like analyzing signals of pci / usb devices that do not follow their respective data protocols, in order to write custom drivers.

The following is a list of included tools, including descriptions, obtained from the output of apt info netsniff-ng:

  • netsniff-ng: a zero-copy packet analyzer, pcap capturing/replaying tool
  • trafgen: a multithreaded low-level zero-copy network packet generator
  • mausezahn: high-level packet generator for appliances with Cisco-CLI
  • ifpps: a top-like kernel networking and system statistics tool
  • curvetun: a lightweight curve25519-based multiuser IP tunnel
  • astraceroute: an autonomous system trace route and DPI testing utility
  • flowtop: a top-like netfilter connection tracking tool
  • bpfc: a [seccomp-]BPF (Berkeley packet filter) compiler, JIT disassembler

To find out more, you can visit the netsniff-ng website:

http://netsniff-ng.org/

Related

Using Webmin on Ubuntu server for Samba
HDMI monitor stops working when lap top lid is closed
automate sshpass when server is asking a "yes/no" question
How to change isolinux boot splash
How to help newbies... wizards and executables [closed]
How does apt-get autoremove work when given a package as an argument?
Distance of ellipse to the origin
Can the difference of 2 undefined limits be defined?
Should the notation $\int_{0}^{x} f(x) dx$ be frowned upon?
Pattern to last three digits of power of $3$?
Proving the inequality $e^{-2x}\leq 1-x$
Solve equations $\sqrt{t +9} - \sqrt{t} = 1$