How to Enhance Wireshark with DPI, latency measurement and more


This week at Sharkfest US 17, we presented the ntop contributions to Wireshark. In particular:

  • How to use nDPI to complement Wireshark traffic classification
  • How to capture on a remote box at 10/40/100 Gbit and stream traffic securely to Wireshark via SSH
  • Same as above, but extracting packets from terabytes of pcaps using pcap indexes
  • How to turn Wireshark into a traffic monitoring tool able to measure traffic and network latency

If you did not attend the session (the recording will appear soon on the Sharkfest web site), you can have a look at the presentation slides or go to GitHub to look at the code we have developed for enhancing Wireshark.

Happy wiresharking!