I'm using subprocess to use tshark to capture live traffic in Python, but even though the command ->

    tshark = subprocess.Popen([TSHARK_PATH, "-i",INTERFACE_NO,"-T"+"fields","-e","frame.time","-e","frame.number","-e","eth.dst","-e","ip.src","-e","ip.dst","-E","header=y", "-E","separator=','","-E", "quote=d" ,"-E","occurrence=f>"+OUTPUT_DIR+OUTPUT_FILE_NAME])

The above code is capturing the traffic, but it is not saving it in the CSV file. I'm getting all the paths from a .yml file with the following code:

    import logging
    import yaml

    try:
        with open('configfile.yml','r') as yf:
            # safe_load builds plain data only; yaml.load() without a Loader
            # can construct arbitrary objects and is rejected by current PyYAML
            allyml=yaml.safe_load(yf)
    except FileNotFoundError:
        logging.error("ERROR:CONFIG FILE DOES NOT EXIST IN THE GIVEN FILE LOCATION")
    for listing in allyml:
        try:
            TSHARK_PATH=allyml['TSHARK_PATH']
            READ_CAPTUREFILE=allyml['READFROM']
            OUTPUT_FILE_NAME=allyml['OUTPUT_FILE_NAME']
            OUTPUT_DIR=allyml['OUTPUT_DIR']
            INTERFACE_NO=allyml['INTERFACE_NO']
        # Catch all YAMLErrors
        except yaml.YAMLError:
            logging.exception("ERROR:CONFIG FILE IS NOT CORRECT")

And my .yml file looks like this

    #OPTION will choose whether you want to read an existing pcap file(1) or to capture live traffic(2)
    OPTION: "1"
    #Enter the path where tshark.exe is located
    #(single quotes keep the backslashes literal; in double quotes YAML treats them as escapes)
    TSHARK_PATH: 'C:\Program Files\Wireshark\tshark.exe'
    #location of the pcap file to be read
    READFROM: 'C:\mycaptures\maccdc2012_00000.pcap'
    #name of the file to output to
    OUTPUT_FILE_NAME : "captured_packets.csv"
    #path of the directory to output to
    OUTPUT_DIR: 'C:\mycaptures\'
    INTERFACE_NO: 1
    #SELECT DISPLAY OR CAPTURE FILTERS (use
    PACKET_FILTER: "ip"
    #in kb
    OUTPUT_FILE_SIZE_LIMIT: 200

asked 20 Jun ‘17, 04:39
dr_dr_
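
An added example, not part of the original post or of Wireshark: `Popen` given an argument list starts no shell, so a `>` glued onto the last `-E` value reaches the program as literal text and no file is written; the parent has to open the CSV itself and pass it as `stdout`. The function names are hypothetical, the Python interpreter stands in for tshark so the demo runs offline, the separator is written as a bare comma, and `-l` (flush after each packet) is added for live capture.

```python
import os
import subprocess
import sys
import tempfile

FIELDS = ["frame.time", "frame.number", "eth.dst", "ip.src", "ip.dst"]

def build_tshark_argv(cfg):
    """One argv element per argument; no shell syntax such as '>' in any element."""
    argv = [cfg["TSHARK_PATH"], "-i", str(cfg["INTERFACE_NO"]), "-l", "-T", "fields"]
    for field in FIELDS:
        argv += ["-e", field]
    for opt in ("header=y", "separator=,", "quote=d", "occurrence=f"):
        argv += ["-E", opt]
    return argv

def run_to_csv(argv, out_path):
    """Run argv without a shell and send its stdout to out_path."""
    with open(out_path, "w") as out:
        return subprocess.run(argv, stdout=out, check=False).returncode

def child_sees(args):
    """Stand-in child (the Python interpreter, not tshark) that echoes its argv."""
    code = "import sys; print('|'.join(sys.argv[1:]))"
    done = subprocess.run([sys.executable, "-c", code] + args,
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

def demo():
    """Constructed demo: returns (what the child received, file created?, csv text)."""
    with tempfile.TemporaryDirectory() as tmp:
        bad_target = os.path.join(tmp, "bad.csv")
        # Pattern from the question: '>' glued to an argument. No shell parses it.
        received = child_sees(["-E", "occurrence=f>" + bad_target])
        bad_exists = os.path.exists(bad_target)
        # Corrected pattern: the parent opens the file and passes it as stdout.
        good_target = os.path.join(tmp, "captured_packets.csv")
        run_to_csv([sys.executable, "-c", "print('frame.number,ip.src')"], good_target)
        with open(good_target) as fh:
            return received, bad_exists, fh.read().strip()

if __name__ == "__main__":
    print(demo())
```

With tshark installed, `run_to_csv(build_tshark_argv(cfg), os.path.join(cfg["OUTPUT_DIR"], cfg["OUTPUT_FILE_NAME"]))` performs the capture; for a live interface it blocks until tshark exits.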