Reputation: 1316
How to list interfaces using PyShark that match a specific IP address?
Is there a way to list out interfaces using pyshark that match a certain IP address? In wireshark, you can see addresses associated with an interface.
Below is an example with an address used on Wi-Fi:
I have also come across this post for tshark that mentions a command to display IP address and MAC address for an interface.
Is something similar possible with pyshark since it's a python wrapper for tshark?
An example with the psutil module shows addresses associated with the interfaces/NICs that would be ideal with pyshark:
>>> import psutil
>>> psutil.net_if_addrs()
{'lo': [snicaddr(family=<AddressFamily.AF_INET: 2>, address='127.0.0.1', netmask='255.0.0.0', broadcast='127.0.0.1', ptp=None),
snicaddr(family=<AddressFamily.AF_INET6: 10>, address='::1', netmask='ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff', broadcast=None, ptp=None),
snicaddr(family=<AddressFamily.AF_LINK: 17>, address='00:00:00:00:00:00', netmask=None, broadcast='00:00:00:00:00:00', ptp=None)],
'wlan0': [snicaddr(family=<AddressFamily.AF_INET: 2>, address='192.168.1.3', netmask='255.255.255.0', broadcast='192.168.1.255', ptp=None),
snicaddr(family=<AddressFamily.AF_INET6: 10>, address='fe80::c685:8ff:fe45:641%wlan0', netmask='ffff:ffff:ffff:ffff::', broadcast=None, ptp=None),
snicaddr(family=<AddressFamily.AF_LINK: 17>, address='c4:85:08:45:06:41', netmask=None, broadcast='ff:ff:ff:ff:ff:ff', ptp=None)]}
>>>
Upvotes: 0
Views: 377
Answers (1)
Reputation: 15639
Pyshark does not have the capability to extract the IP Addresses and MAC Addresses for all the interfaces on your system.
Pyshark uses the following code to obtain all the interface names on the system.
def get_tshark_interfaces(tshark_path=None):
"""Returns a list of interface numbers from the output tshark -D.
Used internally to capture on multiple interfaces.
"""
parameters = [get_process_path(tshark_path), "-D"]
with open(os.devnull, "w") as null:
tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode("utf-8")
return [line.split(" ")[1] for line in tshark_interfaces.splitlines() if '\\\\.\\' not in line]
def get_all_tshark_interfaces_names(tshark_path=None):
"""Returns a list of all possible interface names. Some interfaces may have aliases"""
parameters = [get_process_path(tshark_path), "-D"]
with open(os.devnull, "w") as null:
tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode("utf-8")
all_interface_names = []
for line in tshark_interfaces.splitlines():
matches = _TSHARK_INTERFACE_ALIAS_PATTERN.findall(line)
if matches:
all_interface_names.extend([name for name in matches[0] if name])
return all_interface_names
This code only produces a list with string values, such as showed below.
['en0', 'awdl0', 'llw0', 'utun0', 'utun1', 'utun2', 'utun3', 'utun4', 'lo0', 'ap1', 'en1', 'en2', 'en4', 'en3', 'bridge0', 'gif0', 'stf0', 'ciscodump', 'randpkt', 'sshdump', 'udpdump', 'wifidump']
Here is some usage documentation that I developed for PyShark and have been updating the documentation for about 4 years.
Upvotes: 1
Related Questions
- How do I return dictionary keys as a list in Python?
- How to extract the payload of a packet using Pyshark
- How can I access a udp payload with pyshark?
- Trouble implementing the CIDR notation mask into my ip address output
- How to capture wifi packets with a specific channel using Pyshark?
- python using pyshark to parse .pcap file
- Accessing LayerFieldsContainer using variable in pyshark
- Pyshark interfaces in Live Capture