7.3. Getting Started¶
7.3.1. Quick Start¶
- Run
steel mkworkspaceto create a directory that contains all the SteelScript example scripts. - Navigate to
steelscript-workspace/wireshark-examples/. There you will find all steelscript-wireshark example scripts. - Run
python pcap_info.py <path-to-your-pcap-file>. This will print out the pcap file’s basic details, similar to the following:
| Key | Value |
|---|---|
| File encapsulation | Ethernet |
| RIPEMD160 | 64855625794452b0d0a5624f004104189a11c8b8 |
| Packet size limit | 65535 |
| Capture duration (seconds) | 7.344911 |
| Data byte rate (bytes/sec) | 34769.11 |
| Number of packets | 388 |
| File name | tutorial.pcap |
| ...etc... | ...etc... |
- Copy one of the example scripts to use as a template. Customize it to fit your needs.
More information on API’s available here.
7.3.2. Example Usage¶
The following example shows how to use pcap_query.py to gain insights on how your HTTP traffic is flowing.
pcap_query.py can be found inside the steelscript-workspace/wireshark-examples/ directory.
$ python pcap_query.py my_http_pcap_file.pcap \
-c "http.request.uri,http.request.method,http.response.code,http.server,http.prev_request_in,http.time"
returns:
| http.request.uri | http.request.method | http.response.code | http.server | http.prev_request_in | http.time |
|---|---|---|---|---|---|
| / | GET | None | None | None | None |
| None | None | 200 | Apache/2.2.14 | None | 0.080266 |
| /favicon.ico | GET | None | None | 5 | None |
| None | None | 404 | Apache/2.2.14 | 5 | 0.041042 |
| /bhratach | GET | None | None | 9 | None |
| None | None | 301 | Apache/2.2.14 | 9 | 0.000346 |
| /bhratach/ | GET | None | None | 13 | None |
| None | None | 200 | Apache/2.2.14 | 13 | 0.066848 |