Reputation: 1658
As is known, pyshark is a wrapper for tshark. With large volumes of traffic, part of the packets are lost due to the limitations of the buffer size (tshark has 2 MB by default).
My idea is as follows: I want to run tshark with a buffer size like 20 MB and pipe the output to my Python script. In this case, instead of LiveCapture, I use PipeCapture as follows:

    import pyshark
    import pandas as pd
    import os

    r, w = os.pipe()
    pid = os.fork()
    r = os.fdopen(r)
    capture = pyshark.PipeCapture(pipe=r, bpf_filter='udp port 5060')
    for packet in capture.sniff_continuously():
        print(packet)

And I got an error:

    AttributeError: module 'pyshark' has no attribute 'PipeCapture'

I checked source code of pyshark here: https://github.com/KimiNewt/pyshark/blob/master/src/pyshark/capture/pipe_capture.py
What's wrong?
UPDATE:
As @maxkanthauer recommended I do:

    import pyshark
    import pandas as pd
    import sys
    from pyshark.capture.pipe_capture import PipeCapture

    r = sys.stdin
    while True:
        capture = PipeCapture(pipe=r)
        print(capture)

and start my script:

    tcpdump -l port 5060 -i etho | python pyshark_test.py

Although I am sure that there are many packets, the output is:

    <PipeCapture (0 packets)>
    <PipeCapture (0 packets)>
    <PipeCapture (0 packets)>

Upvotes: 0
Views: 1000
Reputation: 1
To answer the update, PipeCapture creates a generator, which will always indicate 0 packets before properly reading it. In order to actually read from the FIFO, you iterate over it:

    capture = PipeCapture(pipe=r)
    for packet in capture:
        print(packet)  # do stuff

This will execute the loop every time a new packet comes in.
Upvotes: 0
Reputation: 11
For some reason, PipeCapture is not directly under pyshark but rather under pyshark.capture.pipe_capture. In addition, os.pipe() is not a valid value for the pipe parameter. The following should work:

    import pyshark
    import sys
    from pyshark.capture.pipe_capture import PipeCapture

    r = sys.stdin
    capture = PipeCapture(pipe=r)

    def print_callback(pkt):
        print(pkt)

    capture.apply_on_packets(print_callback)

Upvotes: 1
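
An added example, not taken from any post above and not pyshark code: a minimal reader for the byte stream a capture tool sends down a pipe when it is told to write binary pcap to stdout (for tcpdump, `-w -`, with `-U` to flush per packet), yielding each packet as it arrives. It assumes classic microsecond pcap (not pcapng) and Ethernet/IPv4 framing; `iter_pcap`, `udp_ports` and `sample_stream` are hypothetical names, and the sample packet is constructed.

```python
import io
import struct

# pcap magic -> struct byte order (microsecond-resolution captures)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def iter_pcap(stream):
    """Yield (timestamp, frame) per record; stream is a buffered binary
    reader such as sys.stdin.buffer, whose read(n) blocks until n bytes or EOF."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a pcap stream; is the producer writing text?")
    order = MAGICS[header[:4]]
    snaplen = struct.unpack(order + "I", header[16:20])[0]  # assumed honoured by producer
    while True:
        rec = stream.read(16)
        if not rec:
            return  # producer closed the pipe between records
        if len(rec) < 16:
            raise EOFError("pipe closed inside a record header")
        sec, usec, caplen, _origlen = struct.unpack(order + "IIII", rec)
        if caplen > snaplen:
            raise ValueError("record longer than snaplen; stream is corrupt")
        frame = stream.read(caplen)
        if len(frame) < caplen:
            raise EOFError("pipe closed inside a packet")
        yield sec + usec / 1e6, frame

def udp_ports(frame):
    """(src, dst) UDP ports of an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    off = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet header + IPv4 header (IHL words)
    return struct.unpack("!HH", frame[off:off + 4]) if len(frame) >= off + 4 else None

def sample_stream():
    """Constructed input: a pcap stream holding one UDP 5060 frame."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", 5060, 5060, 8, 0)
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return io.BytesIO(head + struct.pack("<IIII", 1700000000, 500000, 42, 42) + frame)

if __name__ == "__main__":
    # For a live pipe, pass sys.stdin.buffer instead of the constructed sample.
    for ts, frame in iter_pcap(sample_stream()):
        print(ts, len(frame), udp_ports(frame))
```

Text on the pipe, such as the lines a capture tool prints by default, fails the magic check with `ValueError` instead of silently producing zero packets.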