This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark in subprocess not writing in csv

0

I'm using subprocess to use tshark to capture live traffic in Python, but even though the command->

tshark = subprocess.Popen([TSHARK_PATH, "-i",INTERFACE_NO,"-T"+"fields","-e","frame.time","-e","frame.number","-e","eth.dst","-e","ip.src","-e","ip.dst","-E","header=y", "-E","separator=','","-E", "quote=d" ,"-E","occurrence=f>"+OUTPUT_DIR+OUTPUT_FILE_NAME])

The above code is capturing the traffic but it is not saving in the CSV file. I'm getting all the paths from a .yml file by the following code

import logging
import yaml

try:
    with open('configfile.yml', 'r') as yf:
        # safe_load only builds plain Python types from the YAML
        allyml = yaml.safe_load(yf)
except FileNotFoundError:
    logging.error("ERROR:CONFIG FILE DOES NOT EXIST IN THE GIVEN FILE LOCATION")

for listing in allyml:
    try:
        TSHARK_PATH = allyml['TSHARK_PATH']
        READ_CAPTUREFILE = allyml['READFROM']
        OUTPUT_FILE_NAME = allyml['OUTPUT_FILE_NAME']
        OUTPUT_DIR = allyml['OUTPUT_DIR']
        INTERFACE_NO = allyml['INTERFACE_NO']
    # Catch all YAMLErrors
    except yaml.YAMLError:
        logging.exception("ERROR:CONFIG FILE IS NOT CORRECT")

And my .yml file looks like this

#OPTION will choose whether you want to read an existing pcap file(1) or to capture live traffic(2)
OPTION: "1"
#Enter the path where tshark.exe is located
#(single quotes keep the backslashes in Windows paths literal)
TSHARK_PATH: 'C:\Program Files\Wireshark\tshark.exe'
#location of the pcap file to be read
READFROM: 'C:\mycaptures\maccdc2012_00000.pcap'
#name of the file to output to
OUTPUT_FILE_NAME : "captured_packets.csv"
#path of the directory to output to
OUTPUT_DIR: 'C:\mycaptures\'
INTERFACE_NO: 1
#SELECT DISPLAY OR CAPTURE FILTERS (use
PACKET_FILTER: "ip"
#in kb
OUTPUT_FILE_SIZE_LIMIT: 200

asked 20 Jun ‘17, 04:39

dr_dr_
1222
accept rate: 0%


One Answer:

0

Not really a Wireshark question, more a Python one, but I think that Popen doesn't understand the redirection operator; instead you should set the stdout argument of Popen to a file object. Try something like this:

import os
import subprocess

# tshark_cmd: the tshark argument list from the question, without the ">" part
f = open(os.path.join(OUTPUT_DIR, OUTPUT_FILE_NAME), "w")
subprocess.Popen(tshark_cmd, stdout = f)
f.close()

answered 20 Jun '17, 11:08

grahamb ♦
19.8k330206
accept rate: 22%
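
The behaviour described in the answer, as an added example that is not part of the original posts: with an argument list and no shell, `>` reaches the child as literal text and no file is created, while `stdout=` writes the file. A Python child process stands in for tshark so it runs offline; `CHILD`, `build_tshark_argv` and the other function names are assumptions made for illustration.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in for tshark so this runs offline: it prints its last argument.
CHILD = [sys.executable, "-c", "import sys; print(sys.argv[-1])"]


def build_tshark_argv(tshark_path, interface):
    """Field-export arguments from the question, with no '>' in them."""
    return [tshark_path, "-i", str(interface), "-T", "fields",
            "-e", "frame.time", "-e", "frame.number", "-e", "eth.dst",
            "-e", "ip.src", "-e", "ip.dst", "-E", "header=y",
            # Assumption: a bare comma is intended; no shell strips quotes.
            "-E", "separator=,", "-E", "quote=d", "-E", "occurrence=f"]


def run_with_literal_redirect(out_path):
    """Question's form: '>' glued onto an argument, nothing parses it."""
    proc = subprocess.run(CHILD + ["occurrence=f>" + out_path],
                          stdout=subprocess.PIPE, text=True, check=True)
    return proc.stdout.strip(), os.path.exists(out_path)


def run_with_stdout_file(argv, out_path):
    """Answer's form: the child inherits an open file as its stdout."""
    with open(out_path, "w") as f:
        subprocess.run(argv, stdout=f, check=True)
    with open(out_path) as f:
        return f.read().strip()


def demo():
    with tempfile.TemporaryDirectory() as d:
        out = os.path.join(d, "captured_packets.csv")
        seen, created = run_with_literal_redirect(out)
        written = run_with_stdout_file(CHILD + ["occurrence=f"], out)
    return seen, created, written, out


if __name__ == "__main__":
    print(demo())
    # With tshark installed (blocks until the capture is stopped):
    # run_with_stdout_file(build_tshark_argv("tshark", 1), "captured_packets.csv")
```

Because the list form never involves a shell, paths read from the config file are passed to the child as data rather than being parsed as shell syntax, which is also why the `>` is not acted on.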