This week at Sharkfest US 17, we presented the ntop contributions to Wireshark. In particular:
- How to use nDPI to complement Wireshark traffic classification
- How to capture on a remote box at 10/40/100 Gbit and stream the traffic securely to Wireshark via SSH
- Same as above, but extracting packets from terabytes of pcaps using pcap indexes
- How to turn Wireshark into a traffic monitoring tool able to measure traffic and network latency
For those who did not attend the session (the recording will appear soon on the Sharkfest website), you can have a look at the presentation slides or go to GitHub to look at the code we have developed for enhancing Wireshark.