Difference between PyShark and TShark Packet Count

Question

I am trying to start two different tshark process with the following python script.

import pyshark
import subprocess

packet_count_pyshark = 0
packet_count_tshark = 0

tsharkCall = ["tshark", "-i", "Wi-Fi", "-w", "tshark_capture" + ".pcap"]
print("Starting TShark")
tshark_process = subprocess.Popen(tsharkCall, stderr=subprocess.DEVNULL)
print("Starting Pyshark")
capture = pyshark.LiveCapture(interface='Wi-Fi')
for packet in capture.sniff_continuously():
    packet_count_pyshark += 1
    print("Pyshark : ", packet_count_pyshark)

After executing the script I opened 10 different youtube videos from browser to create a huge traffic. After waiting around 30 seconds. I cut the program flow with CTRL+C. I saw that the last packet count captured by the pyshark is 6672 however, the number of packets in the tshark pcapng file is 63916. There is a huge gap between the two. I wonder the what is this originated from? Am I doing/understanding something wrong? Any idea is appreciated. Issue is also present at github > https://github.com/KimiNewt/pyshark/issues/375

My Pyshark version is 0.4.2.9 and my TShark version is TShark (Wireshark) 3.0.0 (v3.0.0-0-g937e33de)

Answer 1

Im not sure, but i think tshark does it job much faster then pyshark, the point that you are printing while looping, is probably taking alot of time, which lead pyshark to drop packet, cause the NIC buffer is getting full, and also they starts in diffrerent times, which can also lead to difference