Cant get my tshark pharse to work
sandra.baror at
Sat Oct 11 03:59:38 EDT 2014
On Thursday, October 9, 2014 9:46:10 PM UTC+3, Tal Bar-Or wrote:
> Hello All,
> I am writing some code to get a captured Wireshark pcap file, using popen.subprocess, and extract some table in CSV format related to SMB, but for some reason I can get the CSV when using of course the regular cmd line, it works
> The code is as follows below; maybe someone with experience with such can help
> Please advise
> Thanks
> import socket,subprocess
> import os,time
> sharkCall = ["tshark","-i" ,"1", "-w",os.getcwd() +'/smbsession.pcap']
> sharkProc = subprocess.Popen(sharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
> localip = socket.gethostbyname(socket.gethostname())
> a = 0
> while a ==0:
>     a =
>     time.sleep(2)
> ipflt = ''
> listip = socket.gethostbyname_ex('media.isilon.gefen.local')[2]
> for ip in listip:
>     ipflt= ipflt+ "ip.addr==" + ip + "||"
> ipflt = ipflt + "ip.addr==" + localip
> if ipflt.endswith('||'):
>     ipflt = ipflt[:-2]
> print (ipflt)
> b= os.path.getsize("//media.isilon.gofn.local/Media/New Text Document.txt")
> #statinfo
> print(b)
> #time.sleep(2)
> sharkProc.kill()
> tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
> "-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
> '> '+os.getcwd() +'/tracetemp.csv']
> tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
> a = 0
> while a ==0:
>     a =
>     time.sleep(2)
> print ('Finished')
The problematic code was:
tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
"-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
'> '+os.getcwd() +'/tracetemp.csv']
tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
I changed it as follows below and now it works, thanks
tsharkCall = '"' +os.environ["ProgramFiles"]+'/Wireshark/tshark.exe"' +" -r "+os.getcwd() +'/smbsession.pcap'+" -Y "+'"'+toto+'"'+" -T fields -e ip.src -e ip.dst -e smb.file -e smb.path -e smb.time -e tcp.time_delta -E header=y -E separator=, -E quote=d -E occurrence=f > "+os.getcwd() +"/trac_session.csv"
tsharkProc = subprocess.Popen(tsharkCall,shell=True)
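
Added example, not part of the original post: in the list form, the '> ...' element reaches tshark as one more argument because no shell is present to interpret it, while the shell=True string works because the shell performs the redirection. The sketch below keeps the list form and hands the output file to the child through stdout=, so the display filter and paths are never parsed by a shell. The helper names, the sample addresses and tshark being on PATH are assumptions.

```python
import ipaddress
import subprocess

# Field list and -E options are the ones used in the post.
FIELDS = ["ip.src", "ip.dst", "smb.file", "smb.path", "smb.time", "tcp.time_delta"]
OPTIONS = ["header=y", "separator=,", "quote=d", "occurrence=f"]


def build_display_filter(addresses):
    """Join addresses into 'ip.addr==A||ip.addr==B', rejecting non-IPv4 input."""
    terms = []
    for addr in addresses:
        # IPv4Address raises ValueError for anything that is not a plain address,
        # so resolver output or user input cannot smuggle extra filter syntax.
        terms.append("ip.addr==%s" % ipaddress.IPv4Address(addr))
    if not terms:
        raise ValueError("at least one address is required")
    return "||".join(terms)


def build_tshark_argv(pcap_path, display_filter, tshark="tshark"):
    """Return argv as a list: one element per argument, no quoting needed."""
    argv = [tshark, "-r", pcap_path, "-Y", display_filter, "-T", "fields"]
    for field in FIELDS:
        argv += ["-e", field]
    for option in OPTIONS:
        argv += ["-E", option]
    return argv


def run_to_file(argv, out_path):
    """Run argv without a shell; stdout= takes the place of the shell's '> file'."""
    with open(out_path, "wb") as out:
        return subprocess.run(argv, stdout=out, check=True).returncode


if __name__ == "__main__":
    # Constructed sample addresses and file names (assumptions, not from the post).
    flt = build_display_filter(["192.0.2.10", "192.0.2.11"])
    run_to_file(build_tshark_argv("smbsession.pcap", flt), "tracetemp.csv")
```

With check=True a non-zero tshark exit raises CalledProcessError, so an empty CSV from a failed run is not mistaken for an empty result.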