2

I have been using pyshark to process the packet capture data and while printing out the DNS requests and responses, I am getting an error of:

' File "/home/nilufa/anaconda3/lib/python3.7/site-packages/pyshark/packet/packet.py", line 50, in __getitem__
    raise KeyError('Layer does not exist in packet')
KeyError: 'Layer does not exist in packet'

Below is the code I have written :

>>> import pyshark
>>> cap=pyshark.LiveCapture(interface='wlp2s0',bpf_filter='udp port 53')
>>> cap.sniff(packet_count=10)
>>> def print_packet_info(pkt):
        if pkt.dns.qry_name:
            print('Detected')
            print('DNS Request/Response from',pkt['ip'].src,pkt.dns.qry_name)
... 
>>> cap.apply_on_packets(print_packet_info)

And the output I got is :

Detected
DNS Request/Response from 192.168.43.90 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.1 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.90 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.1 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.90 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.1 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.90 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.1 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.90 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.1 connectivity-check.ubuntu.com
Detected
DNS Request/Response from 192.168.43.90 www.googleapis.com
Detected
DNS Request/Response from 192.168.43.90 www.googleapis.com
Detected
DNS Request/Response from 192.168.43.1 www.googleapis.com
Detected
DNS Request/Response from 192.168.43.1 www.googleapis.com
Detected
DNS Request/Response from 192.168.43.90 apidata.googleusercontent.com
Detected
DNS Request/Response from 192.168.43.90 apidata.googleusercontent.com
Detected
DNS Request/Response from 192.168.43.1 apidata.googleusercontent.com
Detected
DNS Request/Response from 192.168.43.1 apidata.googleusercontent.com
Detected
DNS Request/Response from 192.168.43.90 safebrowsing.googleapis.com
Detected
DNS Request/Response from 192.168.43.90 safebrowsing.googleapis.com
Detected
DNS Request/Response from 192.168.43.1 safebrowsing.googleapis.com
Detected
DNS Request/Response from 192.168.43.1 safebrowsing.googleapis.com
Detected
DNS Request/Response from 192.168.43.90 mozilla.org
Detected
DNS Request/Response from 192.168.43.90 mozilla.org
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 mozilla.org
Detected
DNS Request/Response from 192.168.43.90 mozilla.org
Detected
DNS Request/Response from 192.168.43.1 mozilla.org
Detected
DNS Request/Response from 192.168.43.90 mozilla.org
Detected
DNS Request/Response from 192.168.43.1 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 mozilla.org
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 mozilla.org
Detected
DNS Request/Response from 192.168.43.1 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.90 detectportal.firefox.com
Detected
DNS Request/Response from 192.168.43.1 detectportal.firefox.com
Detected
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/nilufa/anaconda3/lib/python3.7/site-packages/pyshark/capture/capture.py", line 277, in apply_on_packets
return self.eventloop.run_until_complete(coro)
File "/home/nilufa/anaconda3/lib/python3.7/asyncio/base_events.py", line 583, in run_until_complete
return future.result()
File "/home/nilufa/anaconda3/lib/python3.7/site-packages/pyshark/capture/capture.py", line 288, in packets_from_tshark
await self._go_through_packets_from_fd(tshark_process.stdout, packet_callback,   packet_count=packet_count)
File "/home/nilufa/anaconda3/lib/python3.7/site-packages/pyshark/capture/capture.py", line 314, in _go_through_packets_from_fd
packet_callback(packet)
File "<stdin>", line 4, in print_packet_info
File "/home/nilufa/anaconda3/lib/python3.7/site-packages/pyshark/packet/packet.py", line 50,  in __getitem__
raise KeyError('Layer does not exist in packet')
KeyError: 'Layer does not exist in packet'
halfer
  • 19,824
  • 17
  • 99
  • 186
Nilufa Islam
  • 29
  • 4
  • This could depend on the content being analyzed. So, providing the part of the capture data which causes pyshark to fail would be useful. – Adrian W May 15 '20 at 09:02
  • can you please show me how? it would be very helpful. thank you – Nilufa Islam May 15 '20 at 12:20
  • 1
    You should be able to record the same data with Wireshark (if you have a deskop environment, otherwise tcpdump). If you run your program and Wireshark/tcpdump at the same time, you show be able to match the packet which causes your program to fail with a packet recorded by Wireshark/tcpdump. Wireshark/tcpdump both understand the same capture filter (`udp port 53`) as pyshark. – Adrian W May 16 '20 at 13:11

0 Answers0