如何获取 Python 中的 Tshark 数据?

How to get Tshark Data in Python?

我正在尝试使用子进程和 TShark 捕获一个简单的命令。

import subprocess

tsharkCall = ["tshark", "-a", "duration:2", "-i", "2"]
tsharkProc = subprocess.Popen(tsharkCall,
                              bufsize=0,
                              executable="C:\Program Files\Wireshark\tshark.exe",
                              shell=True,
                              stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE,
                              stdin=subprocess.PIPE)
print(tsharkProc.communicate()[1].decode('utf-8', errors='replace'))

它给了我这个错误:

Capturing on 'Local Area Connection* 4'
tshark: Invalid capture filter "/c tshark -a duration:2 -i 2" for interface 'Local Area Connection* 8'.

That string isn't a valid capture filter (can't parse filter expression: syntax error).
See the User's Guide for a description of the capture filter syntax.
0 packets captured

知道为什么吗?非常感谢♥

我最近没用过它,但你可能想看看 pyshark。 它是 tshark 的 python 包装器。

https://github.com/KimiNewt/pyshark

这是一个非常简单的修复更改

tsharkCall = ["tshark", "-a", "duration:2", "-i", "2"]
# to
tsharkCall = ["C:\Program Files\Wireshark\tshark.exe", "-a", "duration:2", "-i", "2"]
# and
tsharkProc = subprocess.Popen(tsharkCall,
                              bufsize=0,
                              executable="C:\Program Files\Wireshark\tshark.exe",
                              shell=True,
                              stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE,
                              stdin=subprocess.PIPE)
# to
tsharkProc = subprocess.Popen(tsharkCall,
                              bufsize=0,
                              shell=True,
                              stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE,
                              stdin=subprocess.PIPE)

问题是你用命令调用了 tshark 两次,另一次用 kwarg executable