MIT License
The unofficial defensics-pcap tool provides per-case packet capture functionality for Defensics.
Requires tshark (bundled with Wireshark on Windows) and Python.
The following command may need to be run with sudo (Linux) or in an Administrator command prompt (Windows):
python -m pip install --upgrade defensics-pcap
To verify proper installation, run:
defensics-pcap --help
If installed properly, you should see some help text on how to use the tool.
In Defensics, click 4) Instrumentation.
Click External.
Use tshark -D (or "C:\Program Files\Wireshark\tshark.exe" -D on Windows) to identify the proper network interface on which to capture.
Place the start-cap command in Execute before each test case, e.g.:
python -m defensics_pcap start -i eth1
Place the stop-cap command in Execute after each test case, e.g.:
python -m defensics_pcap stop
Start your test and verify that .pcap files are being created in your test result directory, usually in C:\Users\username\synopsys\defensics\results.
Example arguments:
--exec-pre-test-case 'python -m defensics_pcap start -i eth1' --exec-post-test-case 'python -m defensics_pcap stop'
The start command starts a packet capture in the results folder of the currently running Defensics test. It relies on the CODE_RESULT_DIR and CODE_TEST_CASE_PADDED environment variables provided by Defensics, and will not work if run on its own from the command line.
start looks for the tshark application in your operating system PATH and also in the default location C:\Program Files\Wireshark\tshark.exe.
If you do not have tshark available via the PATH variable, you can include a full path via the start --tshark-full-path argument.
See python -m defensics_pcap start --help.
stop_cap.py will stop the PCAP using the process ID value stored temporarily in the Defensics results folder.
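The start/stop mechanism described above (a per-case capture path built from the Defensics environment variables, plus a PID handed from start to stop through the results folder) can be sketched as follows. This is an added example, not defensics-pcap's own code; the PID file name, the pcap naming scheme and the function names are assumptions.

```python
import os
import signal
import subprocess
from pathlib import Path

PID_FILE = "capture.pid"  # hypothetical name; the real tool's file name is not given on this page


def capture_paths(env):
    """Derive the per-case pcap path and the PID file path from Defensics' variables."""
    try:
        result_dir = Path(env["CODE_RESULT_DIR"])
        case = env["CODE_TEST_CASE_PADDED"]
    except KeyError as missing:
        # Outside a Defensics instrumentation hook these variables are absent.
        raise RuntimeError(f"{missing.args[0]} is not set; run from a Defensics hook") from None
    # Assumed naming scheme: one pcap per padded test case number.
    return result_dir / f"{case}.pcap", result_dir / PID_FILE


def build_command(interface, pcap_path, tshark="tshark"):
    # tshark: -i selects the capture interface, -w writes raw packets to a file.
    return [tshark, "-i", interface, "-w", str(pcap_path)]


def start(interface, env=os.environ, tshark="tshark", spawn=subprocess.Popen):
    """Launch the capture in the background and record its PID for the stop hook."""
    pcap_path, pid_path = capture_paths(env)
    proc = spawn(build_command(interface, pcap_path, tshark))
    pid_path.write_text(str(proc.pid))
    return pcap_path


def stop(env=os.environ, kill=os.kill):
    """Terminate the capture recorded by start() and remove the temporary PID file."""
    _, pid_path = capture_paths(env)
    pid = int(pid_path.read_text())
    kill(pid, signal.SIGTERM)
    pid_path.unlink()
    return pid
```

The spawn and kill parameters exist only so the logic can be exercised without tshark or capture privileges.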