pyshark live capture with display filter

python tshark pyshark
user1627588 picture user1627588 · Jun 3, 2014 · Viewed 8.3k times · Source

i found a nice python module pyshark that as far as i got can be used the same way as tshark with bpf filtering. I am actually looking for live capture option with bpf filtering and display filtering to do something else with those data and store them to db for later analyise. According documentation pyshark can do live capturing but i do not know how to display and send to file or DB data for each packet received. I am running IPv6 lab network. This is sample python script:

import pyshark
capture = pyshark.LiveCapture(interface='eth1',bpf_filter="tcp and port 80")
capture.sniff(timeout=20)

after timeout i can print time and epoch time but only per packet. Other parts of package i am not able to see

print capture[1].sniff_time
print capture[1].sniff_timestamp

i would appreciate any help and direction to go to have live capture and data per packet for sending to db

Answer

KimiNewt picture KimiNewt · Jun 4, 2014

You can't access raw packet data, but you can access packet fields by accessing the relevant layer such as packet.udp.src_port You can see all fields easily by printing the packet

Related questions

How to parse protobuf packets in Wireshark

My goal is to have a plugin/dissector that can parse a protocol based on protobuf (UDP). I found on the web an Auto-generate Wireshark/Ethereal dissector plugins for Protocol Buffer messages: https://code.google.com/archive/p/protobuf-wireshark/ when …

Read More
How do I list all files of a directory?

How can I list all files of a directory in Python and add them to a list?

Read More
Iterating over dictionaries using 'for' loops

I am a bit puzzled by the following code: d = {'x': 1, 'y': 2, 'z': 3} for key in d: print key, 'corresponds to', d[key] What I don't understand is the key portion. How does Python recognize that it needs only to …

Read More