Cant get my tshark pharse to work
sandra.baror at gmail.com
Sat Oct 11 03:59:38 EDT 2014
On Thursday, October 9, 2014 9:46:10 PM UTC+3, Tal Bar-Or wrote:
> Hello All,
>
> I am writing some code to get a captured Wireshark pcap file, using popen.subprocess, and extract some table in CSV format related to SMB, but for some reason I can get the csv when using of course the regular cmd line, it works
>
> The code is as follows below, maybe someone with experience with such can help
>
> Please advise
>
> Thanks
>
> import socket,subprocess
> import os,time
>
> sharkCall = ["tshark","-i" ,"1", "-w",os.getcwd() +'/smbsession.pcap']
> sharkProc = subprocess.Popen(sharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
> localip = socket.gethostbyname(socket.gethostname())
>
> a = 0
>
> while a ==0:
>     a = sharkProc.pid
>     time.sleep(2)
>
> ipflt = ''
>
> listip = socket.gethostbyname_ex('media.isilon.gefen.local')[2]
>
> for ip in listip:
>     ipflt= ipflt+ "ip.addr==" + ip + "||"
> ipflt = ipflt + "ip.addr==" + localip
>
> if ipflt.endswith('||'):
>     ipflt = ipflt[:-2]
> print (ipflt)
> b= os.path.getsize("//media.isilon.gofn.local/Media/New Text Document.txt")
> #statinfo
> print(b)
>
> #time.sleep(2)
> sharkProc.kill()
> tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
> "-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
> '> '+os.getcwd() +'/tracetemp.csv']
> tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
>
> a = 0
>
> while a ==0:
>     a = tsharkProc.pid
>     time.sleep(2)
> print ('Finished')
The problematic code was:
tsharkCall = ["tshark","-r",'C:/traces_test/smbsession.pcap',"-Y",ipflt,"-T","fields","-e","ip.src","-e","ip.dst","-e","smb.file",\
"-e","smb.path","-e","smb.time","-e","tcp.time_delta", "-E","header=y","-E","separator=,","-E","quote=d","-E","occurrence=f",\
'> '+os.getcwd() +'/tracetemp.csv']
tsharkProc = subprocess.Popen(tsharkCall,executable="C:/Program Files/Wireshark/tshark.exe")
I changed it as follows below and now it works, thanks:
tsharkCall = '"' +os.environ["ProgramFiles"]+'/Wireshark/tshark.exe"' +" -r "+os.getcwd() +'/smbsession.pcap'+" -Y "+'"'+toto+'"'+" -T fields -e ip.src -e ip.dst -e smb.file -e smb.path -e smb.time -e tcp.time_delta -E header=y -E separator=, -E quote=d -E occurrence=f > "+os.getcwd() +"/trac_session.csv"
tsharkProc = subprocess.Popen(tsharkCall,shell=True)
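
An added example, not part of the original post: without a shell, the `'> ...'` list element is handed to tshark as an ordinary argument rather than acting as a redirect, so this sketch keeps the list form and passes the output file as `stdout=`, which also avoids building a `shell=True` string from resolver results. The helper names, the sample addresses and the echo child process are assumptions made for illustration.

```python
import ipaddress
import subprocess
import sys
import tempfile
from pathlib import Path

# Fields and -E options copied from the post's tshark command line.
FIELDS = ["ip.src", "ip.dst", "smb.file", "smb.path", "smb.time", "tcp.time_delta"]
OUTPUT_OPTS = ["header=y", "separator=,", "quote=d", "occurrence=f"]


def build_filter(addresses):
    # Parse every value as an IPv4 address first, so a resolver answer cannot
    # add extra filter syntax or shell metacharacters to the command line.
    return "||".join(f"ip.addr=={ipaddress.IPv4Address(a)}" for a in addresses)


def build_tshark_argv(tshark, pcap, display_filter):
    """Return the argument vector; there is no '>' element in it."""
    argv = [tshark, "-r", str(pcap), "-Y", display_filter, "-T", "fields"]
    for field in FIELDS:
        argv += ["-e", field]
    for opt in OUTPUT_OPTS:
        argv += ["-E", opt]
    return argv


def run_to_file(argv, out_path):
    """Run argv without a shell, sending its stdout to out_path."""
    with open(out_path, "wb") as out:
        return subprocess.run(argv, stdout=out, check=False).returncode


def demo_redirect_is_literal():
    """Constructed demo: the child sees '> file' as one plain argument."""
    echo_args = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]
    with tempfile.TemporaryDirectory() as tmp:
        never, out = Path(tmp) / "never.csv", Path(tmp) / "out.txt"
        run_to_file(echo_args + ["> " + str(never)], out)
        return out.read_text().strip(), never.exists()


if __name__ == "__main__":
    flt = build_filter(["192.0.2.10", "192.0.2.11"])  # constructed sample addresses
    print(build_tshark_argv("tshark", "smbsession.pcap", flt))
    print(demo_redirect_is_literal())
```

With tshark installed, `run_to_file(build_tshark_argv(path_to_tshark, pcap, flt), "tracetemp.csv")` writes the CSV without invoking a shell.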