I would like to get the processed result from tshark or wireshark and use it in python, for which I think the .json format is great. Now I use:
ssh root@ip tcpdump -i eth0 -w - | tshark -i - -Tjson
to get the network packets from a remote system, because the remote system only has tcpdump and no more software can be installed. -w - means output to stdout and -i - means read from stdin. Now I can see the json output in the terminal in realtime, but I would like to receive the json object in python and process it. I tried writing this code in alpha.py:
import sys

# Read stdin line by line (Python 3: print is a function)
for line in sys.stdin:
    print(line)
and use command below to get the output:
ssh root@ip tcpdump -i eth0 -w - | tshark -i - -Tjson | python3 alpha.py
and the output seems to be like this:
[
{
"_index": "packets-2019-04-30",
"_type": "pcap_file",
"_score": null,
"_source": {
"layers": {
"frame": {
"frame.encap_type": "1",
"frame.time": "Jan 1, 1970 08:14:05.382776000 HKT",
"frame.offset_shift": "0.000000000",
"frame.time_epoch": "845.382776000",
"frame.time_delta": "0.000000000",
"frame.time_delta_displayed": "0.000000000",
"frame.time_relative": "0.000000000",
"frame.number": "1",
"frame.len": "111",
Yeah, every 'line' is just one printed output line, not a complete json string. By the way, the output above was not read from stdin but from a .pcap file for convenience:
tshark -r a.pcap -Tjson | python3 alpha.py
Now I'm confused, but many people have offered me ideas. Now I would like to make it clearer, so I am posting this post. The original post is here: How to forward Wireshark processed data to python? in what kind of method?
and many thanks to @Ente https://stackoverflow.com/users/3215929/ente
I'm looking forward to the solutions. Thanks.
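The reason each stdin line is only a fragment is that tshark -Tjson pretty-prints one big JSON array, so a single packet object spans many lines. The following is an added example (not code from the question or from tshark) showing how to consume that stream incrementally from Python: it buffers text and uses json.JSONDecoder.raw_decode to pull out each packet object as soon as it is complete, without waiting for the closing bracket that a live capture never emits. The sample input is constructed here to mimic the shape of the output shown above, and the field names used in summarize() (frame.number, frame.len, frame.time_epoch) are the ones visible in that output.

```python
import json
import sys


def iter_tshark_json(stream):
    """Yield each packet dict from a `tshark -Tjson` text stream as it completes.

    tshark -Tjson writes: '[' , object , ',' , object , ... , ']'.
    Because objects are pretty-printed across many lines, we accumulate text
    and let raw_decode tell us when a complete top-level object is available.
    `stream` is any iterable of text chunks (sys.stdin, a list of lines, ...).
    """
    decoder = json.JSONDecoder()
    buf = ""
    for chunk in stream:
        buf += chunk
        while True:
            # Discard whitespace, the array opener and the commas between objects.
            stripped = buf.lstrip(" \t\r\n[,")
            if not stripped:
                buf = ""
                break
            if stripped[0] == "]":
                return  # end of the array: tshark finished (e.g. reading a .pcap)
            if stripped[0] != "{":
                # Anything else at top level is not tshark JSON; fail loudly
                # instead of buffering garbage forever.
                raise ValueError("unexpected data at top level: %r" % stripped[:40])
            try:
                obj, end = decoder.raw_decode(stripped)
            except json.JSONDecodeError:
                buf = stripped  # object not complete yet; wait for more input
                break
            buf = stripped[end:]
            yield obj


def summarize(packet):
    """Reduce one tshark packet object to a small record with native types."""
    frame = packet["_source"]["layers"]["frame"]
    return {
        "number": int(frame["frame.number"]),
        "len": int(frame["frame.len"]),
        "epoch": float(frame["frame.time_epoch"]),
    }


def packets_from_text(text):
    """Parse a whole tshark -Tjson document delivered line by line."""
    return list(iter_tshark_json(text.splitlines(keepends=True)))


# Constructed sample in the shape of `tshark -Tjson` output (not a real capture).
SAMPLE_TSHARK_JSON = """[
  {
    "_index": "packets-2019-04-30",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.number": "1",
          "frame.len": "111",
          "frame.time_epoch": "845.382776000"
        }
      }
    }
  }
  ,
  {
    "_index": "packets-2019-04-30",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "frame": {
          "frame.number": "2",
          "frame.len": "60",
          "frame.time_epoch": "845.400000000"
        }
      }
    }
  }
]
"""


if __name__ == "__main__":
    # Usage: tshark -l -r a.pcap -Tjson | python3 alpha.py
    # (-l makes tshark flush after each packet, so live output arrives promptly)
    for pkt in iter_tshark_json(sys.stdin):
        print(json.dumps(summarize(pkt)), flush=True)
```

Because the parser only cares about chunk boundaries at the top level, it works whether stdin delivers whole lines or partial ones. Two tshark options worth knowing for this pipeline: -l line-buffers the output so packets are not held back in a block buffer, and -T ek emits one JSON object per line (newline-delimited), which lets you drop the buffering logic entirely and call json.loads on each line.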