Automated network capture and analysis?
I was curious to know if anyone has done any work on automated network analysis such as starting a network traffic capture (to file) before executing some test, performing the test, stopping the capture, then parsing the capture file for known patterns to look for (expected data, errors that should not appear, etc.).
Using pcap libraries for whatever programming/scripting language, using tshark, tcpdump, etc.
I had planned to do some work in this area for SIP/VoIP testing but never got the time at work to look into it. But it should be theoretically possible, so just wanted to see if there were real life implementations of it by others (whether made open source or not).
You mentioned tshark, so I'm not understanding what wireshark doesn't offer in the way of functionality that you may be looking for? Can you clarify (if advice is still needed), or update this post with your findings?
My point was: has anyone attempted to automate network capture and analysis such that no human intervention occurs with exception to maybe starting/stopping capture.
For example, I kick off some test automation that does some stuff that generates network activity. When the automation is started, it also starts up network capture to file (via scripting/code), then at the end of the tests, stops capture, then executes a trace parser that automatically parses & analyzes the captured trace file for common issues to look for and dumps any such issues found into the test report, etc. For example, in terms of HTTP, auto grep for HTTP status code 500s, 404s, etc. or content within the response, but that's just a simple example; it could be for other protocols like SIP, TCP/IP, UDP, FTP, XMPP, or be more complex.
From my experience, I haven't heard of anyone doing such, and so wanted to see if anybody actually did such.
Using Wireshark, tshark, and such tools can provide what I mention but in a manual way in that it all has to be done by hand by a human. Well, tshark could potentially be integrated w/ scripting for an automated solution. I want to hear of experiences and techniques for "full" automation of network capture & analysis w/ minimal human processing other than kickoff/stop and review of the output results.
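A script along the lines the post describes, added here as an example (not the poster's code): it wraps a traffic-generating test command with a tcpdump capture, then reads the trace back through tshark's field output and flags HTTP status codes that should not appear in a passing run. The interface name, file names, the test command, the BAD_STATUS policy and the exact tshark field names are assumptions; `analyze()` is exercised on a constructed sample of tshark output so the parser can be checked without a live capture.

```python
import signal
import subprocess
import time
from collections import Counter

# Constructed policy for this example: responses that must not appear in a passing run
BAD_STATUS = {"404", "500", "502", "503"}
# Constructed sample of tshark "-T fields" output (frame, status code, URI), tab separated
SAMPLE_TSHARK_OUTPUT = ("12\t200\thttp://127.0.0.1/\n15\t404\thttp://127.0.0.1/missing\n"
                        "20\t500\thttp://127.0.0.1/api/login\n\n")

def start_capture(iface, outfile, bpf="tcp port 80"):
    # tcpdump -w writes raw pcap; -U flushes each packet to the file promptly
    proc = subprocess.Popen(["tcpdump", "-i", iface, "-U", "-w", outfile, bpf],
                            stderr=subprocess.DEVNULL)
    time.sleep(1)  # let the capture attach before the test generates traffic
    return proc

def stop_capture(proc):
    proc.send_signal(signal.SIGINT)  # tcpdump flushes and closes the file on SIGINT
    proc.wait(timeout=10)

def dump_http(pcapfile):
    # One line per HTTP response; field names assume a recent Wireshark HTTP dissector
    cmd = ["tshark", "-r", pcapfile, "-Y", "http.response", "-T", "fields",
           "-e", "frame.number", "-e", "http.response.code", "-e", "http.response_for.uri"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def analyze(field_lines):
    """Parse tab-separated tshark lines; return (findings, per-status counts)."""
    findings, counts = [], Counter()
    for line in field_lines.splitlines():
        if not line.strip():
            continue  # blank lines carry no response
        frame, code, uri = (line.split("\t") + ["", ""])[:3]  # pad short lines
        counts[code] += 1
        if code in BAD_STATUS:
            findings.append({"frame": int(frame), "status": code, "uri": uri})
    return findings, counts

def run_test_with_capture(iface, outfile, test_cmd):
    cap = start_capture(iface, outfile)
    try:
        subprocess.run(test_cmd, check=False)  # the test's exit code is not the verdict here
    finally:
        stop_capture(cap)
    return analyze(dump_http(outfile))

if __name__ == "__main__":  # assumed interface, output file and traffic-generating command
    print(run_test_with_capture("eth0", "run.pcap", ["curl", "-s", "http://127.0.0.1/"]))
```

Capturing needs the usual packet-capture privileges, and the BPF filter should be widened to whatever ports the system under test actually uses.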