This Visual Studio Code(tm) extension adds support for opening pcap/network files. It also allows you to "filter" (create smaller) pcap/pcapng files with a freely configurable, multi-step assistant.
Note: The time-sync feature works well with extension and for DLT (diagnostic log and trace) files.
Note: It acts mainly as a UI to a local Wireshark™ installation, so Wireshark (incl. sharkd) needs to be installed locally.
Note: Wireshark changed the jsonrpc for sharkd with version 3.5. This version requires a Wireshark installation >=v3.5! If you need an older Wireshark version, you need to use v1.7.1 of this extension!
Note: Currently I do find "sharkd" for Windows only as part of the Wireshark Portable packages win64/WiresharkPortable_latest. Extracting the wireshark folder into any local folder and pointing the sharkdFullPath setting to it seems to work (so keeping the regular installation untouched).
Note: Under Linux® the default Debian package doesn't install "sharkd". With Ubuntu 20.04-LTS installing package "tshark" seems to be sufficient.
If you install from source, the following should build sharkd and print a 'Hello from client':
git clone https://github.com/wireshark/wireshark; cd wireshark; mkdir build; cd build; cmake -DBUILD_wireshark=OFF .. ; make ; ./run/sharkd -
The path to this binary should be sufficient. Caution might be needed regarding the plugin directory location. You can keep the default option -DBUILD_wireshark=ON as well, but it's not needed. Check the list of compile dependencies (e.g. glib-2.0-dev libpcap-dev libgcrypt20-dev lib-c-ares-dev liblua5.3-dev lua5.3).
The extension uses telemetry with two events (open file, with the errorcode as parameter, or filter pcap) if telemetry is activated within your general configuration.
The sharkd (and tshark) binary from Wireshark >=v3.5 needs to be installed locally. If installed via 'brew' on OSX, it's installed by default. For Win32/64 and Linux see the notes above.
This extension contributes the following settings:
vsc-webshark.sharkdFullPath: Specifies the absolute path incl. filename to the sharkd binary. This needs to be set after installation.
vsc-webshark.tsharkFullPath: Specifies the absolute path incl. filename to the tshark binary. Defaults to 'tshark'. Needs to be set after installation if tshark is not reachable via the search path.
vsc-webshark.mergecapFullPath: Specifies the absolute path incl. filename to the mergecap binary. Defaults to 'mergecap'. Needs to be set after installation if mergecap is not reachable via the search path.
vsc-webshark.wiresharkProfile: Specifies the name of an (installed) Wireshark profile.
vsc-webshark.columns: Defines the columns shown. Uses the format strings as defined e.g. in the Wireshark GitHub repository (see readable strings a few lines below). If not provided, default values are used.
vsc-webshark.columnsWidths: Defines the width for the columns. If not provided, default values are used.
vsc-webshark.events: Defined events used for time-sync event detection.
  level > 0 and label defined. The label can contain {0} for the %i info column or {1}, {2} ... replacements for the values.
  displayFilter: any Wireshark display filter expression like "tcp" or "udp or http.request"
  values: array of strings referring to Wireshark column/display filters like %t or http.request:0 (take care about the :0. It's not the slice operator but the occurrence, if that expression is defined by multiple protocols in the proto tree). Values can be referred to from the label via {1..n}.
  timeSyncId: providing the id for the time-sync event
  timeSyncPrio: defining the prio of this event. Other documents use the lowest value (=highest prio) to define which events to use for time adjustment (so whether to just broadcast their own defined ones or, in case of a timeSyncId and timeSyncValue match, to adjust the time).
  conversionFunction: can be used to modify the time-sync value calculated for that event. Needs to be a JS function returning a string. If not used, the values are concatenated by ' ' and, if no values are defined, the info column is used.
vsc-webshark.filterSteps: defines the configurable steps of the "filter pcap file..." assistant. See the default/configuration for an example. (Todo: provide a full description). Please consider using "-C
vsc-webshark.extractDltMethods: Array with the different methods offered for extracting DLT from PCAP files. By default two methods are configured:
  name: a name to identify
  steps: similar to filterSteps but for the "extract DLT from pcap file..." function.
  tSharkArgs: arguments used for tshark to extract the DLT message payload from the pcap file.
Little testing done yet. Little documentation.
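The label and time-sync rules described for vsc-webshark.events can be modelled as follows. This is an added example, not code from the extension: the event definition, the packet row and the function names are constructed, and the arguments passed to conversionFunction are an assumption (the text above only says it is a JS function returning a string).

```javascript
// Added illustration of the label and time-sync rules described for
// vsc-webshark.events. Not the extension's code; sample data is constructed.

// Constructed event definition using the documented keys.
const sampleEvent = {
  level: 1,
  label: 'HTTP {1} {2} ({0})',
  displayFilter: 'http.request',
  values: ['http.request.method:0', 'http.host:0'], // :0 = first occurrence
  timeSyncId: 'httpRequest',
  timeSyncPrio: 2,
};
// Constructed packet row: the info column (%i) and the resolved values.
const sampleInfo = 'GET /index.html HTTP/1.1';
const sampleValues = ['GET', 'example.com'];

// {0} is replaced by the info column, {1}..{n} by values[0]..values[n-1].
function expandLabel(label, info, values) {
  return label.replace(/\{(\d+)\}/g, (match, idx) => {
    const i = Number(idx);
    if (i === 0) return info;
    // Keep unknown placeholders as-is so a misconfigured label stays visible.
    return i <= values.length ? values[i - 1] : match;
  });
}

// Default time-sync value: values joined by ' ', or the info column if no
// values are defined. A conversionFunction replaces that default.
function timeSyncValue(event, info, values) {
  if (typeof event.conversionFunction === 'function') {
    // Assumed signature (values, info); the page does not specify it.
    const converted = event.conversionFunction(values, info);
    if (typeof converted !== 'string') {
      throw new TypeError('conversionFunction must return a string');
    }
    return converted;
  }
  return values.length > 0 ? values.join(' ') : info;
}

console.log(expandLabel(sampleEvent.label, sampleInfo, sampleValues));
console.log(timeSyncValue(sampleEvent, sampleInfo, sampleValues));
```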
See Changelog
Any and all test, code or feedback contributions are welcome. Open an issue or create a pull request to make this extension work better for all.
GitHub ♥︎ Sponsors are welcome!
This project leverages the following third party content:
node-webshark
License: GPL-2.0 https://github.com/QXIP/node-webshark/blob/master/LICENSE
node-webshark is based on webshark by Jakub Zawadski:
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.