pyshark.LiveCapture 没有抓包
pyshark.LiveCapture not capturing packets
我的 Linux 系统上的 运行 pyshark 版本 0.4.2.9。我试图从我的无线接口 'wl01' 捕获数据包,但 pyshark.LiveCapture(interface='wl01') 捕获了 0 个数据包。 tshark抓包的地方就好了。
>>> import pyshark
>>> cap=pyshark.LiveCapture(interface='wl01')
>>> cap.sniff(timeout=50)
>>> cap
<LiveCapture (0 packets)>
我也尝试了 capture.set_debug(),得到以下结果:
>>> capture = pyshark.LiveCapture(interface='wl01')
>>> capture.set_debug()
>>> capture.sniff(timeout=50)
2020-05-14 12:57:37,348 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -i wl01 -w -
2020-05-14 12:57:37,350 - LiveCapture - DEBUG - Dumpcap subprocess created
2020-05-14 12:57:37,351 - LiveCapture - DEBUG - Creating TShark subprocess with parameters: /usr/bin/tshark -l -n -T pdml -r -
2020-05-14 12:57:37,351 - LiveCapture - DEBUG - Executable: /usr/bin/tshark
2020-05-14 12:57:37,353 - LiveCapture - DEBUG - TShark subprocess created
2020-05-14 12:57:37,353 - LiveCapture - DEBUG - Starting to go through packets
Capturing on 'wl01'
dumpcap: The capture session could not be initiated on interface 'wl01' (No such device exists).
Please check that you have the proper interface or pipe specified.
>>> capture
<LiveCapture (0 packets)>
任何帮助是appreciated.Thanks!
编辑 1:
运行 使用 sudo 的脚本时,我得到以下信息:
user@aritri:~/Documents/tshark$ sudo python3 test.py
[sudo] password for user:
Task exception was never retrieved
future: <Task finished coro=<Capture.packets_from_tshark() done, defined at /home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py:279> exception=TSharkCrashException('TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.',)>
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 288, in packets_from_tshark
await self._go_through_packets_from_fd(tshark_process.stdout, packet_callback, packet_count=packet_count)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 306, in _go_through_packets_from_fd
psml_structure=psml_struct)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 366, in _get_packet_from_stream
new_data = await stream.read(self.DEFAULT_BATCH_SIZE)
File "/usr/lib/python3.6/asyncio/streams.py", line 634, in read
yield from self._wait_for_data('read')
File "/usr/lib/python3.6/asyncio/streams.py", line 464, in _wait_for_data
yield from self._waiter
concurrent.futures._base.CancelledError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 293, in packets_from_tshark
await self.close_async()
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 441, in close_async
await self._cleanup_subprocess(process)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 434, in _cleanup_subprocess
% process.returncode)
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
Exception ignored in: <bound method Capture.__del__ of <LiveCapture (0 packets)>>
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 446, in __del__
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 437, in close
File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 441, in close_async
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 434, in _cleanup_subprocess
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
编辑 2:
'tshark -D' 和 'sudo tshark -D' 这两个命令给出相同的输出。
user@aritri:~$ tshark -D
1. wlo1
2. any
3. lo (Loopback)
4. eno1
5. bluetooth0
6. nflog
7. nfqueue
8. usbmon1
9. usbmon2
10. ciscodump (Cisco remote capture)
11. dpauxmon (DisplayPort AUX channel monitor capture)
12. randpkt (Random packet generator)
13. sdjournal (systemd Journal Export)
14. sshdump (SSH remote capture)
15. udpdump (UDP Listener remote capture)
user@aritri:~$ sudo tshark -D
[sudo] password for user:
Running as user "root" and group "root". This could be dangerous.
1. wlo1
2. any
3. lo (Loopback)
4. eno1
5. bluetooth0
6. nflog
7. nfqueue
8. usbmon1
9. usbmon2
10. ciscodump (Cisco remote capture)
11. dpauxmon (DisplayPort AUX channel monitor capture)
12. randpkt (Random packet generator)
13. sdjournal (systemd Journal Export)
14. sshdump (SSH remote capture)
15. udpdump (UDP Listener remote capture)
接口名称是 wlo1 但您在代码中使用了 wl01。 o != 0.
我的 Linux 系统上的 运行 pyshark 版本 0.4.2.9。我试图从我的无线接口 'wl01' 捕获数据包,但 pyshark.LiveCapture(interface='wl01') 捕获了 0 个数据包。 tshark抓包的地方就好了。
>>> import pyshark
>>> cap=pyshark.LiveCapture(interface='wl01')
>>> cap.sniff(timeout=50)
>>> cap
<LiveCapture (0 packets)>
我也尝试了 capture.set_debug(),得到以下结果:
>>> capture = pyshark.LiveCapture(interface='wl01')
>>> capture.set_debug()
>>> capture.sniff(timeout=50)
2020-05-14 12:57:37,348 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -i wl01 -w -
2020-05-14 12:57:37,350 - LiveCapture - DEBUG - Dumpcap subprocess created
2020-05-14 12:57:37,351 - LiveCapture - DEBUG - Creating TShark subprocess with parameters: /usr/bin/tshark -l -n -T pdml -r -
2020-05-14 12:57:37,351 - LiveCapture - DEBUG - Executable: /usr/bin/tshark
2020-05-14 12:57:37,353 - LiveCapture - DEBUG - TShark subprocess created
2020-05-14 12:57:37,353 - LiveCapture - DEBUG - Starting to go through packets
Capturing on 'wl01'
dumpcap: The capture session could not be initiated on interface 'wl01' (No such device exists).
Please check that you have the proper interface or pipe specified.
>>> capture
<LiveCapture (0 packets)>
任何帮助是appreciated.Thanks!
编辑 1: 运行 使用 sudo 的脚本时,我得到以下信息:
user@aritri:~/Documents/tshark$ sudo python3 test.py
[sudo] password for user:
Task exception was never retrieved
future: <Task finished coro=<Capture.packets_from_tshark() done, defined at /home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py:279> exception=TSharkCrashException('TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.',)>
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 288, in packets_from_tshark
await self._go_through_packets_from_fd(tshark_process.stdout, packet_callback, packet_count=packet_count)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 306, in _go_through_packets_from_fd
psml_structure=psml_struct)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 366, in _get_packet_from_stream
new_data = await stream.read(self.DEFAULT_BATCH_SIZE)
File "/usr/lib/python3.6/asyncio/streams.py", line 634, in read
yield from self._wait_for_data('read')
File "/usr/lib/python3.6/asyncio/streams.py", line 464, in _wait_for_data
yield from self._waiter
concurrent.futures._base.CancelledError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 293, in packets_from_tshark
await self.close_async()
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 441, in close_async
await self._cleanup_subprocess(process)
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 434, in _cleanup_subprocess
% process.returncode)
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
Exception ignored in: <bound method Capture.__del__ of <LiveCapture (0 packets)>>
Traceback (most recent call last):
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 446, in __del__
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 437, in close
File "/usr/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 441, in close_async
File "/home/user/.local/lib/python3.6/site-packages/pyshark/capture/capture.py", line 434, in _cleanup_subprocess
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
编辑 2: 'tshark -D' 和 'sudo tshark -D' 这两个命令给出相同的输出。
user@aritri:~$ tshark -D
1. wlo1
2. any
3. lo (Loopback)
4. eno1
5. bluetooth0
6. nflog
7. nfqueue
8. usbmon1
9. usbmon2
10. ciscodump (Cisco remote capture)
11. dpauxmon (DisplayPort AUX channel monitor capture)
12. randpkt (Random packet generator)
13. sdjournal (systemd Journal Export)
14. sshdump (SSH remote capture)
15. udpdump (UDP Listener remote capture)
user@aritri:~$ sudo tshark -D
[sudo] password for user:
Running as user "root" and group "root". This could be dangerous.
1. wlo1
2. any
3. lo (Loopback)
4. eno1
5. bluetooth0
6. nflog
7. nfqueue
8. usbmon1
9. usbmon2
10. ciscodump (Cisco remote capture)
11. dpauxmon (DisplayPort AUX channel monitor capture)
12. randpkt (Random packet generator)
13. sdjournal (systemd Journal Export)
14. sshdump (SSH remote capture)
15. udpdump (UDP Listener remote capture)
接口名称是 wlo1 但您在代码中使用了 wl01。 o != 0.