This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Get tshark output in the python

0

I have a command which works great at the terminal:

sudo tshark -V -l -i 'any' -f 'udp port 4729'

I trying to read the output from my python script:

import subprocess
import shlex
output = subprocess.check_output(shlex.split("""sudo tshark -V -l -i "any" -f 'udp port 4729'"""))
print output

I receives nothing. But when I press ctrl+c, I receives this:

[email protected]:~/workspace/glade_tests/src$ sudo ./main.py
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
Capturing on Pseudo-device that captures on all interfaces
^C164 packets captured
Traceback (most recent call last):
  File "./main.py", line 84, in <module>
    output = subprocess.check_output(shlex.split("""sudo tshark -V -l -i "any" -f 'udp port 4729'"""))
  File "/usr/lib/python2.7/subprocess.py", line 538, in check_output
    output, unused_err = process.communicate()
  File "/usr/lib/python2.7/subprocess.py", line 746, in communicate
    stdout = _eintr_retry_call(self.stdout.read)
  File "/usr/lib/python2.7/subprocess.py", line 478, in _eintr_retry_call
    return func(*args)
KeyboardInterrupt

As you can see there is the "164 packets captured" line, which means that thark was working. But where is the output of tshark? Can you help me with this?

Also tried to use it like this:

import subprocess
command = ['tshark', '-V', '-l', '-i', '"any"', '-f', '"udp port 4729"']  # the shell command
process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=None)
output, error = process.communicate()
print output

I receive the error:

[email protected]:~/workspace/glade_tests/src$ sudo ./main.py
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
Capturing on "any"
tshark: The capture session could not be initiated (No such device exists).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
0 packets captured

asked 04 Mar '14, 23:25

Gooman's gravatar image

Gooman
1112
accept rate: 0%

edited 04 Mar '14, 23:26

One Answer:

0

sudo tshark -V -l -i 'any' -f 'udp port 4729'

sudo expects input from STDIN (the password), so you cannot execute that within a script without taking care about that. However: That's more of a Python scripting question and you would get much better answers in a Python forum.

Furthermore, you should not run tshark as root!

So, if you run tshark without sudo (aka without root), your script should (basically) work.

Regards
Kurt

answered 06 Mar '14, 14:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

No, it doesn't work without sudo (just in the terminal). It doesn't without sudo because I catch packets from my device which connected to the USB, so Ubunti Linux doesn't give the access to this USB without root rules.

(06 Mar '14, 20:35) Gooman

It will work without root (sudo), if you follow the steps to correctly configure privilege separation.

See here:

http://ask.wireshark.org/questions/7523/ubuntu-machine-no-interfaces-listed

The important part is "setcap" for dumpcap!

(07 Mar '14, 01:45) Kurt Knochner ♦