Questions tagged [pyshark]

PyShark is a Python wrapper allowing packet parsing using Wireshark dissectors. This package allows parsing from a capture file or a live capture, using all installed Wireshark dissectors.

189 questions
1
vote
0 answers

python3 try to handle multiple different zipped pcap files

I try to find a solution to work (just read) a PCAP/pcap File inside a ZIP Archive. I won't unzip the File to disk, because there are 1000 of zips, and each of them has one pcap inside e.g. file1.zip => contains file1.pcap file2.zip => contains…
1
vote
1 answer

Python multithreading pyshark

I'm new to Python and I'm testing the library pyshark. I want to sniff the traffic all the time and do other things. But when I start the sniffer, all other code stops working. I've tried asyncio thread and multithreading, but it always gives me…
Arturo
  • 63
  • 7
1
vote
0 answers

Unable to run pyshark.FileCapture(pcap) inside a QThread class in linux Ubuntu 16.04

I have a PySide2 Application that works in Windows. What it does is that it opens a network packet (pcap) file using the Python pyshark library inside a QThread class. It is able to open that pcap file but when I tried to run the same app on Ubuntu,…
Lee Sai Mun
  • 140
  • 3
  • 13
1
vote
1 answer

Pyshark - Determine protocol from IPV6

I am trying to obtain the protocol number from an IPV6 packet. Which one of these fields do I have to use in order to achieve this? print(cap[36].ipv6.field_names) ['version', 'ip_version', 'tclass', 'tclass_dscp', 'tclass_ecn', 'flow', 'plen',…
Lyra Orwell
  • 1,048
  • 4
  • 17
  • 46
1
vote
0 answers

Install TShark on MacOS X Catalina

I need to install TShark and Dumpcap to be able to use pyshark for a project I am working on. Currently this is the error that I am getting: pyshark.tshark.tshark.TSharkNotFoundException: TShark not found. Try adding its location to the…
1
vote
1 answer

Difference between PyShark and TShark Packet Count

I am trying to start two different tshark process with the following python script. import pyshark import subprocess packet_count_pyshark = 0 packet_count_tshark = 0 tsharkCall = ["tshark", "-i", "Wi-Fi", "-w", "tshark_capture" +…
I.K.
  • 414
  • 6
  • 18
1
vote
1 answer

Continuously capture packets in Pyshark

This tutorial and this documentation describe how to capture packets in a live interface. However, you have to specify a limit (either the number of packets or a timeout) in order to start sniffing: capture =…
Nht_e0
  • 140
  • 4
  • 15
1
vote
3 answers

Pyshark packet.tcp.analysis_ack_rtt not consistently available

I'm trying to use Pyshark to capture traffic about a tcp connection, to determine metrics such as RTT, throughput, and packet loss. However, it seems these attributes are not always available. I'm successfully capturing packets, with a TCP layer.…
Kevin
  • 11
  • 3
1
vote
0 answers

CommandInvokeError: Command raised an exception: RuntimeError: Cannot run the event loop while another loop is running When sniffing for packets

I am trying to capture packets based on parameters sent via discord, and then send a capture file to the channel where the bot was called. I am having trouble with the capturing packet portion, something I believe caused by PyShark's sniff function…
1
vote
1 answer

Is there an efficient way to get field offset in pyshark

Is there an efficient way to get the offset of some field in a packet captured with pyshark? For example, I need to get the offset of the source IP within the whole packet or within some layer header in the packet. Is it possible?
Ahmed Hussein
  • 715
  • 1
  • 15
  • 38
1
vote
1 answer

How to send a pyshark packet to specific network interface?

I am able to read a packet from .pcap file using pyshark. Here is my code: import pyshark cap = pyshark.FileCapture(pcap_dir) # pcap_dir is the directory of my pcap file print(cap[0]) # Print a packet print(cap[0]['IP'].src) # Print some header…
Ahmed Hussein
  • 715
  • 1
  • 15
  • 38
1
vote
1 answer

How to decode a packet in PyShark as decode_as

In Wireshark GUI, we can decode a UDP packet as RTP, and the same can be done in tshark using d ==, How can I do the same in PyShark? I tried doing the following import pyshark cap =…
dvs
  • 511
  • 1
  • 10
  • 27
1
vote
0 answers

Pyshark library memory issue

I would like some help on managing memory consumption of pyshark library. Using it creates an effect of requiring more memory as you process more pcap files. I guess that something is not dereferenced and thus stays in memory forever. For example if…
1
vote
1 answer

How to get only the number values of the layer of a package obtained through pyshark?

I am using pyshark to read packets from a capture file. I can access the sv.smpCnt layer of the package and all values for analysis. I am not able to extract only the numeric value, without the text. import pyshark import…
1
vote
0 answers

I am trying to capture packets from a raspberry pi for just a second to get the packets per second ratio

    import pyshark
    capture = pyshark.LiveCapture(interface='wlan0')
    capture.sniff(timeout=1)
    print(capture)

I get this as result: "LiveCapture (0 packets)" But how is it possible to get 0 packets all the time?