We were pretty excited when the developers at OpenWRT decided to build packet capture and CloudShark upload support into the popular open source software for broadband routers. It got us thinking - what are some other ways you could build a useful network probe? It turns out one of our other users decided to take the leap into building such capability using a Raspberry Pi.
The great news is you can do it easily by installing tshark on your system and running a simple script from one of our developers, Tom. The even better news is that you can lower the memory footprint of doing the capture with tshark by using Wireshark’s included packet capture process, dumpcap. In an embedded environment like a Raspberry Pi, this allows you to bypass tshark’s processing and send the resulting capture directly to CloudShark.
Seven Easy Steps
dumpcapon your Raspberry Pi (it comes as part of the
sudo apt-get install tshark
Download our script:
wget https://github.com/cloudshark/cloudshark-capture/archive/master.zipand unpack the script.
api_tokenvariable up at the top and insert your API token. You can change the
ywhich will let the script ask you before uploading to CloudShark.
If you’re using your own CloudShark system, enter the URL in the
cloudshark_urlvariable. Otherwise leave it as
Make the script executable:
chmod +x cloudshark_capture.sh
Run the script and pass it any arguments you would normally pass to dumpcap/tshark. For example, if you want to capture 5 packets on interface eth0:
./cloudshark_capture.sh -i eth0 -c 5
Grab the returned URL and paste into your browser!
That’s all there is to it! You have now turned your Raspberry Pi into a network probe that can capture and upload to CloudShark. (Spoiler Alert: It likely works on other Linux systems too! But don’t take OUR word for it!)