Automating Packet Analysis with Sharkd and Python
Have you ever had one of those days when your packet analysis seems doomed? We start looking and quickly realise that every packet in one direction has been duplicated. So we process the file with our favourite de-dup tool and try again. Next we find that some packets were dropped during capture. Hopefully, we have enough left. Hang on, where's the traffic to the server? Things are going from bad to worse and we are already 2 hours in.
If only we could check the data before breaking out Wireshark.
This video explains how to use Sharkd and its API to automate the analysis of network packet data. I go on to demonstrate the capability using an experimental Python program that checks the quality of a packet capture file before any manual analysis begins. The video closes with details of Sharkd installation and documentation.
The modified sharkd_session.c code I used is here - https://gitlab.com/credible58/wireshark/-/tree/issue17235
The Python program used in the video is here - https://github.com/credible58/papr/tree/main