[qe-core] test fails in wireshark - Wireshark test needs to be simplified
This test executes a lot of steps testing the UI, but it causes failures; in this case, when the mouse was moved, the copy menu was selected (for some weird reason).
Also, the module is doing a full-blown installation, when it could boot from HDD.
Dee proposed that we could do features and functionalities of Wireshark via console, and verify that the app really can be started, from the GUI point of view...
I have checked with Vit, and his feeling is that it is ok to proceed with the change.
- Dee to draft a plan how the Wireshark tests can be rewritten
#9 Updated by dvenkatachala 5 months ago
We can use tshark, a command-line interface for Wireshark, which supports similar options to capture packet data from live connections, to write the packets to a file and to read/verify packets from a previously saved capture file.
Below are the test steps:
1. Capture packets:
Start the capture via the terminal using the tshark command in the background (and also generate the DNS request traffic in the current test) and save the captured data in a file, e.g.:
Command: tshark -i ens3 -f "port 53" -w /tmp/capture.pcap
In the above tshark command, the "-i" option begins the capture process from the ens3 interface; the capture filter "-f" option captures packets from port 53 only and the "-w" option saves the captured traffic to a file.
2. Verify the capture:
Read the specific captured packet in the saved file by passing the display filter (option "-Y") and verify the packet count. If the packet count is non-zero, then proceed to verify the required field value, e.g.:
DNS request packet count: tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" | wc -l
Then we can use the options "-T fields" and "-e" to extract fields of our choice. See the command usage below:
Command: tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" -T fields -e "dns.qry.name" -e "dns.qry.type"
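The two steps from the comment above combined into one script, as an added example that is not part of the ticket or of the existing test suite. The helper names, the `-a duration:10` autostop, the use of `getent` to trigger the lookup and the expected query type 1 (A) are assumptions; the interface, capture filter and file path are the ones from the comment.

```shell
#!/bin/sh
# Added example: console-only DNS capture check with tshark.
# IFACE, PCAP and QNAME default to the values used in the ticket comment.
IFACE=${IFACE:-ens3}
PCAP=${PCAP:-/tmp/capture.pcap}
QNAME=${QNAME:-www.suse.com}

# Validate the tab-separated rows printed by
#   tshark -T fields -e dns.qry.name -e dns.qry.type
# $1 = expected query name, $2 = expected numeric query type; rows on stdin.
# Succeeds only if at least one row exists and every row matches, so an
# empty capture fails instead of passing silently.
check_dns_fields() {
    awk -F '\t' -v name="$1" -v type="$2" '
        NF == 0 { next }                        # skip blank lines
        { rows++ }
        $1 != name || $2 != type { bad++ }      # unexpected name or type
        END { exit !(rows > 0 && bad == 0) }'
}

# Step 1 (capture) and step 2 (verify). Needs tshark and capture privileges.
run_dns_capture_test() {
    # -a duration:10 makes tshark stop by itself and flush the file,
    # so no signal handling is needed for the background job.
    tshark -i "$IFACE" -f "port 53" -a duration:10 -w "$PCAP" &
    tshark_pid=$!
    sleep 3                                     # let tshark open the interface
    getent ahostsv4 "$QNAME" >/dev/null         # assumed traffic generator (A lookup)
    wait "$tshark_pid" || return 1

    # Same display filter as in the ticket, with the name quoted.
    filter="dns.a && dns.qry.name == \"$QNAME\""
    count=$(tshark -r "$PCAP" -Y "$filter" | wc -l)
    [ "$count" -gt 0 ] || { echo "no matching DNS packets" >&2; return 1; }

    tshark -r "$PCAP" -Y "$filter" -T fields \
        -e dns.qry.name -e dns.qry.type | check_dns_fields "$QNAME" 1
}

# Only touch the network when explicitly asked, so the file can be sourced.
if [ "${RUN_LIVE_CAPTURE:-0}" = 1 ]; then
    run_dns_capture_test
fi
```

Set `RUN_LIVE_CAPTURE=1` to perform the real capture; without it only the functions are defined.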
#12 Updated by dvenkatachala 5 months ago
- Status changed from Workable to In Progress
As per our discussion, the next step is to capture USB traffic.
USB traffic capture can be done with the steps below:
- To dump USB traffic on Linux, you need the usbmon kernel module. If it is not loaded yet, run this command as root:
- modprobe usbmon
- Run lsusb and take note of which bus the device connects to.
- List the interfaces available on the system by running: tcpdump -D
- Now initiate the capture on the interface of USB bus X noted from step 2.
- Start and save the capture by running the command: tshark -i "usbmonX" -w /tmp/capture_usb.pcap
@santiago, can we discuss the capture and parsing of USB traffic one more time?