Skip to main content

Python/Twisted wrapper for tshark

Project description

Asynchronous TShark wrapper for Twisted.


txshark is based on pyshark.

As pyshark, it uses TShark (Wireshark command-line utility) to analyze network traffic by simply parsing the TShark pdml output (XML-based format).

Parsing TShark pdml output is not the most efficient way (in terms of performance) to analyze network traffic. It might not keep up with very heavy traffic. But it works very well to decode low/specific traffic (using a capture filter) and allows to take advantage of all the existing Wireshark dissectors.

This package provides a Twisted service to start and stop TShark. It allows a Twisted app to decode packets from a live network or a file.


  • Tool required:

    • TShark! (should be in your PATH)

  • Python packages required:

    • Twisted

    • lxml



Create a service that inherits from TsharkService and override the packetReceived method to handle incoming packets:

from twisted.python import log
from txshark import TsharkService

class SnifferService(TsharkService):

    def packetReceived(self, packet):
        """Override the TsharkService method"""
        log.msg("Packet received: {}".format(packet)

The interfaces to listen to should be given as a list of {"name": <name>, "filter": <filter>}. This allows to give a specific filter to each interface:

service = SnifferService(
    [{"name": "eth0", "filter": "tcp and port 8521"},
     {"name": "eth1", "filter": "tcp and port 8522"}])

To read packets from a captured file, just give the name of the file instead of the interface. If a filter is used in this case, it should be a display filter (syntax different from a capture filter):

service = SnifferService(
    [{"name": "test.pcap", "filter": "tcp.port == 8501"}])

The filter is optional in both case.

The service can be started with the startService method:


But as a Twisted Service, it is designed to be started automatically by a Twisted Application. Refer to Twisted documentation for more information.

Accessing packet data

Data can be accessed in multiple ways. Packets are divided into layers, first you have to reach the appropriate layer and then you can select your field.

All of the following work:


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

txshark-0.1.0.tar.gz (8.1 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page