Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an app
TA_tshark (Network Input for Windows) app icon

TA_tshark (Network Input for Windows)

This TA enables direct network input on Windows using tshark (part of Wireshark package), parsing (currently DNS traffic) and search time CIM mapping..

Built by
splunk product badge
screenshot
Latest Version 0.0.3
March 15, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3
Rating

0

(0)

Log in to rate this app
Support
TA_tshark (Network Input for Windows) support icon
Developer Supported addon
This TA enables direct network input on Windows using tshark (part of Wireshark package), parsing (currently DNS traffic) and search time CIM mapping.. Possible use cases ------------------ - DNS Insight https://splunkbase.splunk.com/app/1827/ - DHCP Insight https://splunkbase.splunk.com/app/1837/ Installation ------------ - install Wireshark (you can deselect all components except tshark) - install TA-tshark on UF and configure forwarding - modifiy inputs.conf and bin/tcpdump.path if needed. The provided file is configured for Windows to capture port 53 (DNS) on first interface and defines the input as "tshark:port53" sourcetype. - enable capture in inputs.conf (set disabled = 0) - restart UF Discuss the TA_tshark on Splunk Answers: http://answers.splunk.com/answers/app/4921 Contact ------- splunk@compek.net

Categories

Created By

Pavel Prostin

Type

addon

Downloads

966

Licensing

Splunk Answers

Resources

Log in to report this app listing