Cant get my tshark pharse to work
Tal Bar-Or
tbaror at gmail.com
Thu Oct 9 14:45:56 EDT 2014
Hello All,
I am writing some code to get captured wiresahrk pcap file , using popen.subprocess and extract some table csv format related to SMB, but for some reason i can get the csv when using off-course regular cmd line its work
The code as follow below , maybe someone with exprience with such can help
Please advice
Thanks
import socket,subprocess
import os,time
sharkCall = ["tshark","-i" ,"1", "-w",os.getcwd() +'/smbsession.pcap']
sharkProc = subprocess.Popen(sharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
localip = socket.gethostbyname(socket.gethostname())
a = 0
while a ==0:
a = sharkProc.pid
time.sleep(2)
ipflt = ''
listip = socket.gethostbyname_ex('media.isilon.gefen.local')[2]
for ip in listip:
ipflt= ipflt+ "ip.addr==" + ip + "||"
ipflt = ipflt + "ip.addr==" + localip
if ipflt.endswith('||'):
ipflt = ipflt[:-2]
print (ipflt)
b= os.path.getsize("//media.isilon.gofn.local/Media/New Text Document.txt")
#statinfo
print(b)
#time.sleep(2)
sharkProc.kill()
tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
"-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
'> '+os.getcwd() +'/tracetemp.csv']
tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
a = 0
while a ==0:
a = tsharkProc.pid
time.sleep(2)
print ('Finished')
More information about the Python-list
mailing list