Wireshark-users: Re: [Wireshark-users] Starting programs using Wireshark/tcpdump
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 05 Jul 2007 18:40:38 +0200
HI,

Maybe Lua can help you here.

Thanx,
Jaap

Piers Kittel wrote:
Hello all,

My job is to set up a computer to capture packets, and to start recording a 3 minute video when a certain packet gets sent/received, so I can analyse the two afterwards using Wireshark.
I've got all the commands to start capturing the packets using tcpdump, capturing video using ffmpeg, but I need to write a script so that when wireshark or tcpdump would start ffmpeg capturing video for 3 minutes when a SIP Connected packet gets recorded.  Is it possible at all to get wireshark or tcpdump to do this?

At first guess, the script would need to start an instance of tcpdump which runs constantly, and then parse the output from tcpdump and when it sees the packet, starts off ffmpeg capturing for 3 minutes - would I need to start another instance of tcpdump running for only 3 minutes or just use the output from the first instance of tcpdump?

Thanks very much for your time in advance!

Regards - Piers