pyshark Live Capture with wrong display_filter argument

Question

I am running live capture with pyshark module:

filtered_cap = pyshark.LiveCapture(display_filter='TCPP', only_summaries=True)  
packet_iter = filtered_cap.sniff_continuously()  
for pkt in packet_iter:
    print(pkt)

The display filter argument is incorrect e.g. 'TCPP'
When running this code I have got exception that I cannot catch.

Exception ignored in: <function Capture.____del____ at ...> 
    ...  
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 2)

Any suggestion how to solve it?

score 0 · Answer 1 · answered Feb 06 '20 at 17:04

You likely solved this problem already, but this works for me.

import pyshark

def filter_tcp_live_packet_capture(network_interface):
    capture = pyshark.LiveCapture(interface=network_interface, display_filter='tcp', only_summaries=True)
    capture.sniff(timeout=50)
    for packet in capture.sniff_continuously(packet_count=5):
        try:
           print(packet)
        except AttributeError as e:
           pass

filter_tcp_live_packet_capture('en0')

pyshark Live Capture with wrong display_filter argument

1 Answers1