Sniff Continuously and Save PCAP Files Simultaneously using PyShark's LiveCapture Method with display_filter

  • Thread starter: kyrlon (Guest)

I am attempting to continuously sniff packets while concurrently saving them to a PCAP file using PyShark's LiveCapture method with the display_filter param. I am attempting to replicate the feature from Wireshark where you can stop and save a capture at any given moment with any filter specified. This setup in Python would involve an indefinite timeout and no restriction on packet counts, allowing a process interruption (such as a keyboard interrupt) to halt the process. Here is an example with try/catch where I can print out packets with no problem:

Code:
import pyshark

interf = "Wi-Fi"
capture = pyshark.LiveCapture(interface=interf, display_filter='tcp')

try:
    for packet in capture.sniff_continuously():
        print(packet)
except KeyboardInterrupt:
    print("Capture stopped.")

And now after adding the param for output_file, nothing happens:

Code:
import pyshark

interf = "Wi-Fi"
capture = pyshark.LiveCapture(interface=interf, display_filter='tcp', output_file="HERE.pcap")

try:
    for packet in capture.sniff_continuously():
        print(packet)
except KeyboardInterrupt:
    print("Capture stopped.")

Currently using pyshark==0.6
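
An added example, not part of the original post and not using PyShark: a pure-Python classic-pcap writer that applies a filter and flushes every record, so the file on disk is readable whenever a KeyboardInterrupt arrives. The names `PcapSaver`, `is_tcp`, `read_pcap`, `ipv4_frame` and `demo` are hypothetical, and the frames are constructed samples standing in for a live capture.

```python
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def is_tcp(frame):
    """Filter: untagged Ethernet II carrying TCP over IPv4, or IPv6 without extension headers."""
    if len(frame) < 34:
        return False
    etype = frame[12:14]
    return (etype == b"\x08\x00" and frame[23] == 6) or (etype == b"\x86\xdd" and frame[20] == 6)

class PcapSaver:
    """Writes frames that pass `keep`, flushing each record so the file is valid at any stop."""
    def __init__(self, path, keep=is_tcp):
        self.keep, self.fh = keep, open(path, "wb")
        # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
        self.fh.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
        self.fh.flush()

    def feed(self, frame):
        if not self.keep(frame):
            return False
        now, data = time.time(), frame[:65535]
        self.fh.write(struct.pack("<IIII", int(now), int(now % 1 * 1e6), len(data), len(frame)) + data)
        self.fh.flush()
        return True

def read_pcap(path):
    frames = []
    with open(path, "rb") as fh:
        if fh.read(24)[:4] != struct.pack("<I", PCAP_MAGIC):
            raise ValueError("not a little-endian classic pcap file")
        while len(hdr := fh.read(16)) == 16:
            frames.append(fh.read(struct.unpack("<IIII", hdr)[2]))
    return frames

def ipv4_frame(proto):  # constructed sample: zeroed Ethernet + IPv4 header, given protocol number
    return bytes(12) + b"\x08\x00" + b"\x45" + bytes(8) + bytes([proto]) + bytes(30)

def demo(path):
    saver = PcapSaver(path)
    try:
        for proto in (6, 17, 6):  # constructed stand-in for the live capture loop
            saver.feed(ipv4_frame(proto))
        raise KeyboardInterrupt   # simulated Ctrl+C arriving mid-capture
    except KeyboardInterrupt:
        frames = read_pcap(path)  # readable before close(): every record was already flushed
    saver.fh.close()
    return frames
```
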