
Can we use the pyshark module to capture/parse packets on a remote server? Found it working on a local interface:

>>> import pyshark
>>> capture = pyshark.LiveCapture(interface='eth2')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (4 packets)>
>>>
>>> capture[3]
<CDP Packet>
>>>
>>> print capture[3]
Packet (Length: 272)
Layer ETH:
        Destination: CDP/VTP/DTP/PAgP/UDLD (01:00:0c:cc:cc:cc)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Length: 258
        Address: Cisco_36:59:eb (6c:9c:ed:36:59:eb)

The same needs to be done for a remote server (giving an IP and a few more filters).

Dhia
agnel

1 Answer


You could do this by running the rpcapd service on the remote computer (included with WinPcap on Windows; note that you must use null authentication with the flag -n) and then running pyshark with the full URL of the remote service:

pyshark.LiveCapture(interface='rpcapd://[1.2.3.4]:2002/eth2')

Filters can always be supplied with pyshark.LiveCapture(bpf_filter='tcp').

EDIT: I added a pyshark.RemoteCapture class, which is just a shortcut for the above. You can see it in the GitHub repo.

KimiNewt
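As an added example (not code from the question, the answer, or the pyshark project), a small helper that builds the remote-interface URL the answer describes and hands it to pyshark.LiveCapture together with an optional BPF filter. It assumes the rpcap:// scheme with rpcapd's default port 2002, brackets only IPv6 literals, and that pyshark is installed on the host doing the capturing; the URL builder itself runs without pyshark.

```python
import ipaddress
from typing import Optional

# Assumption (not stated on this page): rpcapd listens on TCP 2002 by default.
DEFAULT_RPCAP_PORT = 2002


def remote_interface_url(host: str, interface: str,
                         port: int = DEFAULT_RPCAP_PORT,
                         scheme: str = "rpcap") -> str:
    """Return scheme://host:port/interface, the form pyshark is given for
    a remote rpcapd capture. IPv6 literals are bracketed (an assumption
    about the URL syntax); IPv4 literals and hostnames are not."""
    if not (0 < port < 65536):
        raise ValueError(f"port out of range: {port}")
    if not interface or "/" in interface:
        raise ValueError(f"bad interface name: {interface!r}")
    try:
        addr = ipaddress.ip_address(host)
        host_part = f"[{host}]" if addr.version == 6 else host
    except ValueError:
        # Not an IP literal: treat it as a hostname.
        host_part = host
    return f"{scheme}://{host_part}:{port}/{interface}"


def open_remote_capture(host: str, interface: str,
                        bpf_filter: Optional[str] = None,
                        port: int = DEFAULT_RPCAP_PORT):
    """Open a pyshark LiveCapture against a remote rpcapd.

    pyshark is imported lazily so remote_interface_url() stays usable on a
    machine without it. With 'rpcapd -n' (null authentication, as the answer
    notes) anyone who can reach the port can read traffic, so the rpcapd
    port should only be reachable from the capturing host's network.
    """
    import pyshark  # assumed installed on the capturing host
    return pyshark.LiveCapture(
        interface=remote_interface_url(host, interface, port),
        bpf_filter=bpf_filter)


if __name__ == "__main__":
    # Same call shape as the answer, with the 'tcp' filter it mentions.
    cap = open_remote_capture("1.2.3.4", "eth2", bpf_filter="tcp")
    cap.sniff(timeout=50)
    print(cap)
```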