Skip to main content

Python/Twisted wrapper for tshark

Project description

Asynchronous TShark wrapper for Twisted.

Introduction

txshark is based on pyshark.

As pyshark, it uses TShark (Wireshark command-line utility) to analyze network traffic by simply parsing the TShark pdml output (XML-based format).

Parsing TShark pdml output is not the most efficient way (in terms of performance) to analyze network traffic. It might not keep up with very heavy traffic. But it works very well to decode low/specific traffic (using a capture filter) and allows to take advantage of all the existing Wireshark dissectors.

This package provides a Twisted service to start and stop TShark. It allows a Twisted app to decode packets from a live network or a file.

Requirements

  • Tool required:
    • TShark! (should be in your PATH)
  • Python packages required:
    • Twisted
    • lxml

Usage

TsharkService

Create a service that inherits from TsharkService and override the packetReceived method to handle incoming packets:

from twisted.python import log
from txshark import TsharkService


class SnifferService(TsharkService):

    def packetReceived(self, packet):
        """Override the TsharkService method"""
        log.msg("Packet received: {}".format(packet)

The interfaces to listen to should be given as a list of {"name": <name>, "filter": <filter>}. This allows to give a specific filter to each interface:

service = SnifferService(
    [{"name": "eth0", "filter": "tcp and port 8521"},
     {"name": "eth1", "filter": "tcp and port 8522"}])

To read packets from a captured file, just give the name of the file instead of the interface. If a filter is used in this case, it should be a display filter (syntax different from a capture filter):

service = SnifferService(
    [{"name": "test.pcap", "filter": "tcp.port == 8501"}])

The filter is optional in both case.

The service can be started with the startService method:

service.startService()

But as a Twisted Service, it is designed to be started automatically by a Twisted Application. Refer to Twisted documentation for more information.

Accessing packet data

Data can be accessed in multiple ways. Packets are divided into layers, first you have to reach the appropriate layer and then you can select your field.

All of the following work:

packet['ip'].dst
>>> 192.168.0.1
packet.ip.src
>>> 192.168.0.100
packet[2].src
>>> 192.168.0.100

Project details


Release history Release notifications

This version
History Node

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
txshark-0.1.0.tar.gz (8.1 kB) Copy SHA256 hash SHA256 Source None Jul 23, 2014

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page