The unofficial defensics-pcap tool provides per-case packet capture functionality for Defensics.
tshark (bundled with Wireshark in Windows) and Python.
The following command may need to be run as sudo (Linux) or in an Administrator command prompt (Windows):
python -m pip install --upgrade defensics-pcap
To verify proper installation, run:
defensics-pcap --help
If installed properly, you should see some help text on how to use the tool.
-
In Defensics, click 4) Instrumentation.
-
Click External.
-
Use
tshark -D(or"C:\Program Files\Wireshark\tshark.exe" -Don Windows) to identify the proper network interface on which to capture. -
Place the start-cap command in Execute before each test case, e.g.:
python -m defensics_pcap start -i eth1 -
Place the stop-cap command in Execute after each test case, e.g.:
python -m defensics_pcap stop -
Start your test and verify that .pcap files are being created in your test result directory, usually in
C:\Users\username\synopsys\defensics\results.
Example arguments:
--exec-pre-test-case 'python -m defensics_pcap start -i eth1' --exec-post-test-case 'python -m defensics_pcap stop'
The start command will start a PCAP in the currently running
Defensics results folder. It relies on the CODE_RESULT_DIR and
CODE_TEST_CASE_PADDED environment variables provided by Defensics, and
will not work if run alone in the command line.
start looks for the tshark application in your operating system
PATH and also in the default location C:\Program Files\Wireshark\tshark.exe.
If you do not have tshark available via the PATH variable, you can
include a full path via the start --tshark-full-path argument.
See python -m defensics_pcap start --help.
stop_cap.py will stop the PCAP using the process ID value stored
temporarily in the Defensics results folder.