Live snoop analysis

Dears,

I am trying to run a bash script to take a snoop on an interface with a certain port for like 5 minutes, and once the snoop is finished I need to parse the snoop file on Unix/Solaris without using Wireshark or Ethereal.

The snoop that I will capture will be for the DIAMETER protocol, and what I will be looking for is the total number of CCR sent and total number of CCA received and other related information.

I can generate the script to the level of executing it on a particular interface and closing it, but how to parse it with the DIAMETER protocol on Solaris is what I am more interested in.

---------- Post updated at 06:53 AM ---------- Previous update was at 06:26 AM ----------

snoop doesn't parse the Diameter protocol. While certainly doable with some shell scripting, that won't be worth the effort given the fact Wireshark already does it. Why are you ruling out Wireshark?

Well, Wireshark can be run on Windows; I am more interested in taking a live snoop and analysing it at the bash level.

Any idea?

Sounds pretty easy... capture data and parse data... what's the problem?

Wireshark has a CLI mode, tshark, if this is what you are looking for.
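
For the counting asked about at the top of the thread, here is an added example (not code from any poster here) that reads a snoop capture file in the RFC 1761 format and counts Diameter Credit-Control requests and answers by command code 272 and the R flag. It assumes Diameter over TCP on untagged Ethernet/IPv4 with each message starting at a segment boundary (no TCP reassembly, no SCTP); `dia` and `build_capture` are hypothetical helpers that only produce constructed test data.

```python
import struct

MAGIC = b"snoop\x00\x00\x00"
CREDIT_CONTROL = 272  # command code shared by CCR and CCA (RFC 4006)

def snoop_frames(data):
    """Yield link-layer frames from a snoop v2 Ethernet capture (RFC 1761)."""
    if len(data) < 16 or data[:8] != MAGIC or struct.unpack(">II", data[8:16]) != (2, 4):
        raise ValueError("not a snoop v2 Ethernet capture")
    off = 16
    while off + 24 <= len(data):
        _orig, incl, reclen = struct.unpack(">III", data[off:off + 12])
        if reclen < 24 + incl:
            break  # corrupt record header: stop rather than loop forever
        yield data[off + 24:off + 24 + incl]
        off += reclen

def tcp_payload(frame):
    """TCP payload of an untagged Ethernet/IPv4 frame, or b'' if not TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        return b""
    # Slice by IP header length and IP total length so Ethernet padding is dropped.
    seg = frame[14 + (frame[14] & 0x0F) * 4:14 + int.from_bytes(frame[16:18], "big")]
    return seg[(seg[12] >> 4) * 4:] if len(seg) >= 20 else b""

def count_ccr_cca(data):
    """Count Diameter CCR/CCA headers found back to back in TCP segments."""
    counts = {"CCR": 0, "CCA": 0}
    for frame in snoop_frames(data):
        p = tcp_payload(frame)
        while len(p) >= 20 and p[0] == 1:  # Diameter version 1
            length = int.from_bytes(p[1:4], "big")
            if not 20 <= length <= len(p):
                break  # message continues in a later segment (not reassembled)
            if int.from_bytes(p[5:8], "big") == CREDIT_CONTROL:
                counts["CCR" if p[4] & 0x80 else "CCA"] += 1  # R bit set = request
            p = p[length:]
    return counts

def dia(flags, code=CREDIT_CONTROL):  # constructed: bare 20-byte header, no AVPs
    return bytes([1, 0, 0, 20, flags]) + code.to_bytes(3, "big") + bytes(12)

def build_capture(payloads):  # constructed: one Ethernet/IPv4/TCP frame per payload
    out = MAGIC + struct.pack(">II", 2, 4)
    for p in payloads:
        frame = struct.pack(">12xH BBHHHBBH8x HHIIBBHHH", 0x0800, 0x45, 0, 40 + len(p), 0, 0,
                            64, 6, 0, 40000, 3868, 0, 0, 0x50, 0x18, 8192, 0, 0) + p
        pad = bytes(-len(frame) % 4)  # records are padded to a 4-byte boundary
        out += struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + len(pad), 0, 0, 0) + frame + pad
    return out
```

To use it on a real capture, pass the bytes of a file written with `snoop -o` to `count_ccr_cca`.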