Tshark Trigger icon

Tshark Trigger

Starts the workflow with Tshark

Actions3

Overview

This node triggers workflows based on wireless network traffic captured by Tshark, a command-line network protocol analyzer. It listens for specific Wi-Fi management frames—beacon frames, probe responses, or probe requests—on a specified wireless interface. The node supports channel hopping to scan multiple Wi-Fi channels periodically.

Common scenarios include:

  • Monitoring nearby Wi-Fi networks and devices for presence detection.
  • Triggering actions when new Wi-Fi access points or clients appear.
  • Collecting Wi-Fi signal strength and frequency data for network analysis.

For example, you could use this node to start a workflow whenever a new Wi-Fi beacon frame is detected, indicating a new access point in range, or to track probe requests from devices searching for networks.

Properties

Name Meaning
Interface The network interface used for monitoring Wi-Fi traffic (e.g., wlan1).
Channel Hopping List Comma-separated list of Wi-Fi channels to cycle through during monitoring (e.g., 1,2,3,...).
Channel Hopping Interval Time interval in seconds between switching channels during monitoring.
Emission Interval Time interval in seconds between emitting trigger events with collected data.
Maximum Emissions Maximum number of trigger emissions allowed per emission interval.

Output

The node outputs JSON arrays where each item represents a captured Wi-Fi frame matching the selected operation filter. Each object contains:

  • frameType: Numeric code identifying the Wi-Fi frame subtype (e.g., beacon, probe request).
  • macAddress: MAC address of the device sending the frame.
  • macResolved: A resolved or human-readable form of the MAC address if available.
  • ssid: The SSID (network name) extracted from the frame.
  • frequencyMHz: Frequency in MHz on which the frame was captured.
  • signalDbm: Signal strength in dBm.

No binary data output is produced by this node.

Dependencies

  • Requires Tshark installed and accessible in the system PATH.
  • Requires sudo privileges to run Tshark with elevated permissions.
  • Uses the iw command-line tool to perform channel hopping on the wireless interface.
  • Requires an API key credential providing the local sudo password for authentication.

Troubleshooting

  • Permission errors: The node runs Tshark with sudo. Ensure the provided password is correct and the user has sudo rights without interactive prompts.
  • Interface issues: Verify the specified network interface exists and is in monitor mode.
  • Channel hopping failures: Confirm that the listed channels are supported by your wireless card (iw list can be used to check).
  • No output events: Check that there is Wi-Fi traffic matching the selected frame type and that the interface is correctly capturing packets.
  • Process termination: If the Tshark process unexpectedly stops, verify system resources and permissions.

Links and References

Discussion