Dynamically process Wireshark output with Powershell

Posted on 2014-08-04
Last Modified: 2014-08-11
I have started to use Wireshark to monitor some network traffic. I can configure the settings to get exactly the data I want, but I want to dynamically (i.e. alongside Wireshark obtaining the data) process it with a PowerShell script. Is there a way I can do this? I am new to both Wireshark and PowerShell, so a foolproof description would be good.
Question by:Blowfelt82
    LVL 57

    Expert Comment

    Is there any reason you want to do both at the same time?

    First, Wireshark is an interface into WinPcap, which actually does the data capture. What you see in Wireshark is NOT what you get out of WinPcap. WinPcap passes the raw data to Wireshark, and Wireshark formats it for humans and can analyze the data.

    Have you actually looked at a saved Wireshark file to see what it looks like?
    LVL 67

    Accepted Solution

    PowerShell has no native way to access Wireshark, which would be necessary to process live data.
    The non-GUI tools of Wireshark (in particular tshark) can provide a text stream you can pipe into a PS script.

    But the main question is: What do you want to achieve with that? Sophisticated analysis is usually applied to capture files, not the live stream, as online analyzing consumes a lot of resources.
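    The approach this answer describes, as an added example that is not from the thread: tshark is started with `-l` so it flushes one line per packet as it is captured, and its output is piped into a PowerShell filter that parses each line and reacts to it in real time. The interface name "Ethernet", the choice of DNS queries as the traffic of interest, and the per-source threshold are assumptions for illustration; the tshark options themselves are real.

```powershell
# Added example (not from the original thread): pipe tshark's live text output
# into PowerShell and process it packet by packet as it arrives.
#
# tshark options used:
#   -i <iface>    capture interface (name or number from `tshark -D`)
#   -l            flush stdout after every packet, so the pipeline sees lines at once
#   -f "<bpf>"    capture filter applied by the capture driver (WinPcap/Npcap)
#   -Y "<filter>" display filter applied by tshark's dissectors
#   -T fields     print only the fields named with -e, one packet per line
#   -E ...        output format: field separator and "first occurrence only"
#
# Assumptions (not from the page): interface "Ethernet", DNS on udp/53, and
# "more than N queries from one source" as the condition worth alerting on.

function ConvertFrom-TsharkLine {
    # Parse one line of: <frame.time_epoch>,<ip.src>,<dns.qry.name>
    param([string]$Line)
    $parts = $Line.Split(',')
    if ($parts.Count -lt 3 -or [string]::IsNullOrWhiteSpace($parts[1])) { return $null }
    $epoch = New-Object DateTime 1970,1,1,0,0,0,([DateTimeKind]::Utc)
    [pscustomobject]@{
        Time  = $epoch.AddSeconds([double]$parts[0])
        Src   = $parts[1]
        Query = $parts[2].ToLowerInvariant()
    }
}

function Find-NoisyDnsSources {
    # Pipeline filter: count DNS queries per source IP as lines stream in and
    # warn the first time a source crosses the threshold. Works the same on
    # live tshark output and on saved lines.
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)][string]$Line,
        [int]$Threshold = 20
    )
    begin { $counts = @{}; $alerted = @{} }
    process {
        $pkt = ConvertFrom-TsharkLine $Line
        if (-not $pkt) { return }                       # skip malformed/empty lines
        $counts[$pkt.Src] = 1 + [int]$counts[$pkt.Src]  # missing key casts to 0
        if ($counts[$pkt.Src] -ge $Threshold -and -not $alerted[$pkt.Src]) {
            $alerted[$pkt.Src] = $true
            Write-Warning ('{0:u} {1} has sent {2} DNS queries (last: {3})' -f `
                $pkt.Time, $pkt.Src, $counts[$pkt.Src], $pkt.Query)
        }
    }
    end { $counts }   # per-source totals when the stream ends (not reached if you Ctrl-C a live capture)
}

# Live capture (run elevated; tshark must be on PATH and "Ethernet" must exist):
$tsharkArgs = @(
    '-i', 'Ethernet', '-l',
    '-f', 'udp port 53',
    '-Y', 'dns.flags.response == 0',
    '-T', 'fields', '-E', 'separator=,', '-E', 'occurrence=f',
    '-e', 'frame.time_epoch', '-e', 'ip.src', '-e', 'dns.qry.name'
)
# & tshark @tsharkArgs | Find-NoisyDnsSources -Threshold 20

# Offline run on constructed sample lines in the exact format the -e list above produces,
# so the filter logic can be exercised without a capture interface:
$sampleLines = @(
    '1407139200.001000000,10.0.0.5,www.example.com',
    '1407139200.120000000,10.0.0.5,mail.example.com',
    '1407139201.400000000,10.0.0.9,update.example.org',
    '1407139202.003000000,10.0.0.5,a1.test-c2.example',
    '1407139202.004000000,10.0.0.5,a2.test-c2.example'
)
$sampleLines | Find-NoisyDnsSources -Threshold 4
```

    tshark writes its own status messages ("Capturing on ...", the packet counter) to stderr, so only the field lines reach the pipeline. Without `-l`, stdout is block-buffered when it is a pipe and the script would see packets in bursts rather than as they arrive. For a monitor that has to run for hours, note the point made above about resources: tshark keeps dissection state for the whole live run, so the usual pattern is to let dumpcap write a ring buffer of capture files and run tshark (and this script) over each completed file instead.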
    LVL 67

    Expert Comment

    The first step when using Wireshark is always to ask "What do I want to see?". Just letting it run and hoping you find something suspicious is naive. Interpreting the Wireshark capture is a sophisticated act; you can't apply rules unless you know very clearly what to look for.
