wstrace - Interact with the Wireshark Trace mechanism
wstrace [open | close | [on [ifn] [w]] | [off [ifn]] | pause | resume | [filter port]]
DESCRIPTION
The wstrace command is used to trace network traffic with Wireshark. Argument open launches the Wireshark application with the options required to run it in real-time mode with the data source set to stdin. In addition, the command creates a NAT32 pipe device to which other commands can redirect their output in order to display data within Wireshark. The name of the pipe device is typically pipe49, although it is mounted as device wireshark for ease of use.
NOTES
Traffic from any source can be sent to the pipe. Shown below are a few examples:
- The command: catb test.pcap > wireshark will copy the file test.pcap to device wireshark in binary mode.
- The command: wstrace open ; wstrace on 1 will run Wireshark and display IFN 1 adapter traffic.
- The command: wstrace open ; wstrace on 1 w will run Wireshark and display IFN 1 Windows traffic.
- The command: wstrace open ; wstrace on will run Wireshark and display all adapter traffic.
- The command: fritz_ws will start a trace on the FritzBox and display its output in Wireshark.
- The command: fritz_off will terminate the FritzBox trace. The Wireshark window remains visible.
A description of other wstrace arguments can be found here.
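The catb example above copies a .pcap file to the device unchanged, which suggests the pipe carries an ordinary libpcap byte stream. The following Python code is an added example, not part of NAT32 or its documentation: it builds such a stream and checks one for truncated or inconsistent records before it is passed on. The function names, the constructed ARP frame, and the assumption that the pipe expects classic libpcap framing are this example's own.

```python
import struct

LINKTYPE_ETHERNET = 1
MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type (24 bytes)
    return struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktype)

def record(frame, ts_sec, ts_usec=0, snaplen=65535):
    data = frame[:snaplen]  # captured length may be shorter than original length
    return struct.pack("<IIII", ts_sec, ts_usec, len(data), len(frame)) + data

def parse(stream):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, data), ...]) or raise ValueError."""
    if len(stream) < 24:
        raise ValueError("truncated global header")
    for endian in "<>":  # the magic number tells us the writer's byte order
        if struct.unpack_from(endian + "I", stream)[0] == MAGIC:
            break
    else:
        raise ValueError("not a libpcap stream")
    _, major, _, _, _, snaplen, linktype = struct.unpack_from(endian + "IHHiIII", stream)
    if major != 2:
        raise ValueError("unsupported version")
    packets, off = [], 24
    while off < len(stream):
        if len(stream) - off < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl, orig = struct.unpack_from(endian + "IIII", stream, off)
        off += 16
        if incl > snaplen or incl > orig or off + incl > len(stream):
            raise ValueError("bad record length at offset %d" % (off - 16))
        packets.append((ts_sec, ts_usec, orig, stream[off:off + incl]))
        off += incl
    return linktype, packets

# Constructed sample: a broadcast ARP request between documentation addresses.
ARP = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                  bytes.fromhex("020000000001"), bytes([192, 0, 2, 1]),
                  bytes(6), bytes([192, 0, 2, 2]))
FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + ARP
STREAM = global_header() + record(FRAME, ts_sec=1700000000)

if __name__ == "__main__":
    import sys
    sys.stdout.buffer.write(STREAM)  # binary output, suitable for saving as a .pcap file
```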
Because NAT32 has full access to all configured network interfaces on the machine, including WLAN, WWAN, 3G, 4G, Bluetooth, USB, RAS Client and RAS Server interfaces, Wireshark is able to display traffic to which its standard driver (WinPcap) has no access.
In addition, FritzBox traffic on any of its internal interfaces can also be displayed within Wireshark in real time. Further details can be found here.
The Wireshark Trace feature has been tested with Wireshark Version 1.12. The path of the wireshark.exe file is extracted from the Windows Registry, but can also be specified in the file wireshark.txt if the PortableApps version is to be used, in which case the path should be specified as follows:
X:\PortableApps\WiresharkPortable\App\Wireshark\Wireshark.exe
WinPkFilter, Wireshark, WinPcap, FritzBox Traffic Monitor, Wireshark Traffic Monitor, External Routers, httpget