Python pyshark.LiveCapture() Examples
The following are 8
code examples of pyshark.LiveCapture().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
pyshark
, or try the search function
.
.
Example #1
| Source File: utils.py From HoneyBot with MIT License | 6 votes |
|
def capture_on_interface(interface, name, timeout=60):
"""
:param interface: The name of the interface on which to capture traffic
:param name: The name of the capture file
:param timeout: A limit in seconds specifying how long to capture traffic
"""
if timeout < 15:
logger.error("Timeout must be over 15 seconds.")
return
if not sys.warnoptions:
warnings.simplefilter("ignore")
start = time.time()
widgets = [
progressbar.Bar(marker=progressbar.RotatingMarker()),
' ',
progressbar.FormatLabel('Packets Captured: %(value)d'),
' ',
progressbar.Timer(),
]
progress = progressbar.ProgressBar(widgets=widgets)
capture = pyshark.LiveCapture(interface=interface, output_file=os.path.join('tmp', name))
pcap_size = 0
for i, packet in enumerate(capture.sniff_continuously()):
progress.update(i)
if os.path.getsize(os.path.join('tmp', name)) != pcap_size:
pcap_size = os.path.getsize(os.path.join('tmp', name))
if not isinstance(packet, pyshark.packet.packet.Packet):
continue
if time.time() - start > timeout:
break
if pcap_size > const.PT_MAX_BYTES:
break
capture.clear()
capture.close()
return pcap_size
Example #2
| Source File: pcap_sniffer.py From black-widow with GNU General Public License v3.0 | 6 votes |
|
def __init__(
self,
filters: str = None,
src_file: str = None,
dest_file: str = None,
interfaces: list = None,
limit_length: int = None,
pkt_count: int = None,
callback=None
):
"""
Packet capture method
:param filters: https://wiki.wireshark.org/DisplayFilters
:param src_file: Il file .pcap da cui leggere i pacchetti ascoltati (o None, per Live sniffing)
:param dest_file: Il file in cui scrivere il .pcap dei pacchetti ascoltati (o None)
:param interfaces: The list of interfaces to sniff (or None, to sniff all interfaces)
:param limit_length: The limit length of each packet field (they will be truncated), or None
:param pkt_count: Max packets to sniff, or None
:param callback: The callback method to call (or None) (@see PcapSniffer._user_callback_example)
"""
if not PcapSniffer.is_executable():
raise RuntimeError('Unable to execute pcap sniffer')
self.count = 0 # Sniffed packets
self.max_count = pkt_count
# Prevents the mac manufacturer lookup sniffing
self.filters = PcapSniffer._get_filters(filters)
self.src_file = src_file
self.dest_file = dest_file
self.limit_length = limit_length
self.user_callback = callback
self.interfaces = interfaces
Log.info('Analyzing filters: ' + str(self.filters))
if self.src_file is not None:
Log.info('Analyzing file: ' + self.src_file)
self._capture = pyshark.FileCapture(
input_file=self.src_file,
display_filter=self.filters,
output_file=self.dest_file,
# include_raw=True,
# use_json=True
# debug=APP_DEBUG
)
else:
Log.info('Analyzing live traffic')
self._capture = pyshark.LiveCapture(
interface=self.interfaces,
display_filter=self.filters,
output_file=self.dest_file,
# include_raw=True,
# use_json=True
# debug=APP_DEBUG
)
Example #3
| Source File: scanner.py From aztarna with GNU General Public License v3.0 | 6 votes |
|
def scan_passive(self, interface: str):
for pkg in pyshark.LiveCapture(interface=interface, display_filter='rtps'):
print(pkg)
Example #4
| Source File: utils.py From HoneyBot with MIT License | 5 votes |
|
def listen_on_interface(interface, timeout=60):
"""
:param interface: The name of the interface on which to capture traffic
:return: generator containing live packets
"""
start = time.time()
capture = pyshark.LiveCapture(interface=interface)
for item in capture.sniff_continuously():
if timeout and time.time() - start > timeout:
break
yield item
Example #5
| Source File: feeder_tshark.py From attack_monitor with GNU General Public License v3.0 | 5 votes |
|
def run(self):
INTERFACE_NAME = self.get_config_option("network_interface")
if INTERFACE_NAME is None:
print("You didn't specify network_inteface in configuration file for feeder_tshark plugin.")
sys.exit(0)
elif INTERFACE_NAME == "any":
INTERFACE_NAME = None
try:
cap = pyshark.LiveCapture(interface=INTERFACE_NAME, bpf_filter="udp port 53")
# NOT WORKING
except Exception:
print("Cannot start capturing events with tshark. Interface choosen: {}".format(INTERFACE_NAME))
sys.exit(0)
try:
for packet in cap.sniff_continuously():
pass_mq = mq(packet, TYPE_NETWORK_PACKET, self.getName(), NiceDate.naive_datetime_localize(packet.sniff_time), generate_mq_key(packet, None), None)
self.add_to_ultra_mq(pass_mq)
self.global_break()
# NOT WORKING
except Exception as ts:
print("Error when capturing events with tshark. Interface choosen: {}".format(INTERFACE_NAME))
print(ts)
sys.exit(0)
# 'add_field', 'all_fields', 'alternate_fields', 'base16_value', 'binary_value',
# 'capitalize', 'center', 'count', 'decode', 'encode', 'endswith',
# 'expandtabs', 'fields', 'find', 'format', 'get_default_value',
# 'hex_value', 'hide', 'index', 'int_value', 'isalnum', 'isalpha',
# 'isdigit', 'islower', 'isspace', 'istitle', 'isupper', 'join',
# 'ljust', 'lower', 'lstrip', 'main_field', 'name', 'partition',
# 'pos', 'raw_value', 'replace', 'rfind', 'rindex', 'rjust',
# 'rpartition', 'rsplit', 'rstrip', 'show', 'showname',
# 'showname_key', 'showname_value', 'size', 'split',
# 'splitlines', 'startswith', 'strip', 'swapcase',
# 'title', 'translate', 'unmaskedvalue', 'upper',
# 'zfill']
Example #6
| Source File: dcept.py From dcept with GNU General Public License v3.0 | 5 votes |
|
def kerbsniff(interface, username, domain, realm):
logging.info("kerbsniff: Looking for %s\%s on %s" % (domain,username,interface))
filtered_cap = pyshark.LiveCapture(interface, bpf_filter='tcp port 88')
packet_iterator = filtered_cap.sniff_continuously
# Loop infinitely over packets if in continuous mode
for packet in packet_iterator():
# Is this packet kerberos?
kp = None
encTimestamp = None
try:
kp = packet['kerberos']
# Extract encrypted timestamp for Kerberos Preauthentication packets
# that conatin honeytoken domain\username
encTimestamp = kerb_handler(kp,domain,username)
except KeyError as e:
pass
# Only attempt to decrypt a password or notify master if we find an encrypted timestamp
if encTimestamp:
if config.master_node:
notifyMaster(username, domain, encTimestamp)
else:
cracker.enqueueJob(username, domain, encTimestamp, passwordHit)
Example #7
| Source File: generic_sniffer.py From peniot with MIT License | 5 votes |
|
def start_live_capture(self):
"""
Start capture procedure of packets over listener
:return: None since captured packets are saved internally
"""
capture = pyshark.LiveCapture(interface=self.interface, use_json=self.use_json, include_raw=self.include_raw,
output_file=self.output_pcap_filename, display_filter=self.display_filter)
capture.sniff(timeout=self.timeout)
self.captured_packets = capture._packets
logger.info("{0} packets are captured.".format(len(self.captured_packets)))
capture.close()
Example #8
| Source File: metrics.py From PySyft with Apache License 2.0 | 4 votes |
|
def get_packets(
timeout=50,
interface=None,
bpf_filter=None,
display_filter="tcp.port == 80",
tshark_path=None,
output_file=None,
):
"""
Returns the captured packets of the transmitted data using Wireshark.
Args:
timeout: An integer. Set for sniffing with tshark. Default to 50 seconds in this setup.
interface: A string. Name of the interface to sniff on.
bpf_filter: A string. The capture filter in bpf syntax 'tcp port 80'. Needs to be changed
to match filter for the traffic sent. Not to be confused with the display
filters (e.g. tcp.port == 80). The former are much more limited and is used to
restrict the size of a raw packet capture, whereas the latter is used to hide
some packets from the packet list. More info can be found at
https://wiki.wireshark.org/CaptureFilters.
display_filter: A string. Default to 'tcp.port == 80' (assuming this is the port of the
'WebsocketClientWorker'). Please see notes for 'bpf_filter' for details
regarding differences. More info can be found at
https://wiki.wireshark.org/DisplayFilters.
tshark_path: Path to the tshark binary. E.g. '/usr/local/bin/tshark'.
output_file: A string. Path including the output file name is to saved.
E.g. '/tmp/mycapture.cap'
Returns:
catpure: A 'pyshark.capture.live_capture.LiveCapture' object. Of packets sent
over WebSockets.
length: An integer. The number of packets captured at the network interface.
"""
capture_output = []
if interface is None:
raise Exception("Please provide the interface used.")
else:
capture = pyshark.LiveCapture(
interface=interface,
bpf_filter=bpf_filter,
tshark_path=tshark_path,
output_file=output_file,
)
capture.sniff(timeout=timeout)
length = len(capture)
return capture, length
