Cant get my tshark pharse to work

sandra.baror at gmail.com sandra.baror at gmail.com
Sat Oct 11 09:59:38 CEST 2014


On Thursday, October 9, 2014 9:46:10 PM UTC+3, Tal Bar-Or wrote:
> Hello All,
> 
> 
> 
> I am writing some code to get captured wiresahrk pcap file , using popen.subprocess and extract some table csv format related to SMB, but for some reason i can get the csv when using off-course regular cmd line its work
> 
> The code as follow below , maybe someone with exprience with such can help
> 
> Please advice 
> 
> Thanks
> 
> 
> 
> import socket,subprocess
> 
> import os,time
> 
> 
> 
> sharkCall = ["tshark","-i" ,"1", "-w",os.getcwd() +'/smbsession.pcap']
> 
> sharkProc = subprocess.Popen(sharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
> 
> localip = socket.gethostbyname(socket.gethostname())
> 
> 
> 
> a = 0
> 
> 
> 
> while a ==0:
> 
>     a = sharkProc.pid
> 
>     time.sleep(2)
> 
> 
> 
> 
> 
> ipflt = ''
> 
> 
> 
> listip = socket.gethostbyname_ex('media.isilon.gefen.local')[2]
> 
> 
> 
> for ip in listip:
> 
>     ipflt= ipflt+ "ip.addr==" + ip + "||"
> 
> ipflt = ipflt + "ip.addr==" + localip
> 
> 
> 
> if ipflt.endswith('||'):
> 
>     ipflt = ipflt[:-2]
> 
> print (ipflt)
> 
> b= os.path.getsize("//media.isilon.gofn.local/Media/New Text Document.txt")
> 
> #statinfo
> 
> print(b)
> 
> 
> 
> 
> 
> #time.sleep(2)
> 
> sharkProc.kill()
> 
> tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
> 
>                "-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
> 
>                '> '+os.getcwd() +'/tracetemp.csv']
> 
> tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
> 
> 
> 
> a = 0
> 
> 
> 
> while a ==0:
> 
>     a = tsharkProc.pid
> 
>     time.sleep(2)
> 
> print ('Finished')

the problematic code where 
sharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
               "-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
               '> '+os.getcwd() +'/tracetemp.csv']
tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")

i changed it to as follows below and now its works , thanks

tsharkCall = '"' +os.environ["ProgramFiles"]+'/Wireshark/tshark.exe"' +" -r "+os.getcwd() +'/smbsession.pcap'+" -Y "+'"'+toto+'"'+" -T fields -e ip.src  -e ip.dst -e smb.file -e smb.path -e smb.time -e tcp.time_delta -E header=y -E separator=, -E quote=d -E occurrence=f > "+os.getcwd() +"/trac_session.csv"
tsharkProc = subprocess.Popen(tsharkCall,shell=True)



More information about the Python-list mailing list