pyshark
Passing custom parameters to LiveCapture
Thanks in advance for any support.
I noted from testing that the timeout feature of either:
capture.apply_on_packets(process_packets, timeout=timeout)
or
capture.sniff(timeout=timeout)
has a latency issue.
For instance this code has a timeout of 10 seconds, but the capture time is usually around 7.x and 9.3x seconds.
import time
import pyshark
import asyncio
import pandas as pd

packet_list = []


def process_packets(packet):
    # Callback run for every captured packet; records version, layer name,
    # length and the packet's own capture timestamp.
    global packet_list
    try:
        packet_version = packet.layers[1].version
        layer_name = packet.layers[2].layer_name
        packet_list.append([packet_version, layer_name, packet.length, packet.sniff_time])
    except AttributeError:
        # Packet lacks one of the expected layers/fields; skip it.
        pass


def capture_packets(timeout):
    start = ''
    capture = pyshark.LiveCapture(interface='en0')
    try:
        start = time.time()
        capture.apply_on_packets(process_packets, timeout=timeout)
    except asyncio.TimeoutError:
        pass
    finally:
        end = time.time()
        # Timer 1: wall-clock time spent inside apply_on_packets.
        print(end - start)
        df = pd.DataFrame(packet_list, columns=['packet version', 'layer type', 'length', 'capture time'])
        # Timer 2: span between the first and last packet timestamps.
        print(df['capture time'].iloc[-1] - df['capture time'].iloc[0])


def main():
    capture_packets(10)


if __name__ == '__main__':
    main()
output of timers:
10.014127016067505
0 days 00:00:09.400850
10.013386964797974
0 days 00:00:07.863730
etc.
I would like to reduce the difference between these 2 timers. I see that there are 2 ways to do this:
- pass custom parameters to dumpcap.
- pass custom parameters to tshark
The first one isn't doable based on Pyshark's current source code, but the second should be, but it throws an error.
capture = pyshark.LiveCapture(interface='en0', override_prefs={'': '-r'}, custom_parameters={'': '-a duration:10'})
So my question is how can I pass -a duration:10 via LiveCapture to tshark?
This command works on the command line:
tshark -a duration:10 -l -n -T pdml