This repository contains usage documentation for the Python module PyShark. This Python module is a wrapper for TShark, which is the command-line interface (CLI) for Wireshark. The latter is used to sniff and capture packets from a network interface. The real power of PyShark is its capability to access all of the packet decoders built into TShark.
This repository also contains some basic parsing examples, which are also contained in the usage documentation that I developed for PyShark.
```python
import pyshark

# Create a LiveCapture object to capture packets from the specified interface
capture = pyshark.LiveCapture(interface='your capture interface')
for packet in capture:
    # do something with the packet
    print(packet)
```
PyShark LiveCapture has a feature named sniff_continuously that allows you to limit the number of packets captured.

```python
import pyshark

# Create a LiveCapture object to capture packets from the specified interface
capture = pyshark.LiveCapture(interface='your capture interface')
# Start capturing packets for a specified number of packets
for packet in capture.sniff_continuously(packet_count=10):
    # do something with the packet
    print(packet)
```
PyShark LiveCapture also has a feature named sniff that allows you to set a capture timeout period.

```python
import pyshark

# Create a LiveCapture object to capture packets from the specified interface
capture = pyshark.LiveCapture(interface='your capture interface')
# Start capturing packets for a specified duration (in seconds)
capture.sniff(timeout=10)
# Copy the buffered packets (held in the private _packets attribute) before closing
packets = [pkt for pkt in capture._packets]
capture.close()
for packet in packets:
    # do something with the packet
    print(packet)
```
The PyShark LiveCapture mode has a bpf_filter parameter that allows you to prefilter the packets being captured. The example below shows how to parse Domain Name System (DNS) packets from a LiveCapture session.

```python
import pyshark

# Create a LiveCapture object to capture packets from the specified interface with a bpf_filter
capture = pyshark.LiveCapture(interface='your capture interface', bpf_filter='udp port 53')
for packet in capture:
    # do something with the packet
    print(packet)
```
The PyShark LiveCapture mode has a display_filter parameter that allows you to filter the captured packets with a Wireshark display filter. The example below shows how to parse Domain Name System (DNS) packets from a LiveCapture session.

```python
import pyshark

# Create a LiveCapture object to capture packets from the specified interface with a display_filter
capture = pyshark.LiveCapture(interface='your capture interface', display_filter='dns')
for packet in capture:
    # do something with the packet
    print(packet)
```
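As a fuller version of "do something with the packet" for the DNS captures above, the following added example (not code from this repository) counts DNS queries per source address and skips non-DNS packets, responses and packets with missing fields. The helper names are hypothetical, the sample packets are constructed stand-ins, and it assumes PyShark exposes the TShark fields `dns.qry.name` and `dns.flags.response` as `qry_name` and `flags_response`.

```python
from collections import Counter
from types import SimpleNamespace as NS


def dns_query_name(packet):
    """Return the normalised query name of a DNS query packet, else None."""
    dns = getattr(packet, "dns", None)
    if dns is None:                      # not a DNS packet
        return None
    name = getattr(dns, "qry_name", None)
    if name is None:                     # malformed or truncated DNS payload
        return None
    # dns.flags.response is rendered as '1' or 'True' depending on TShark version
    if str(getattr(dns, "flags_response", "0")) in ("1", "True"):
        return None                      # skip responses, keep queries only
    return str(name).rstrip(".").lower()


def summarize_queries(packets):
    """Count (source address, query name) pairs over an iterable of packets."""
    counts = Counter()
    for packet in packets:
        name = dns_query_name(packet)
        if name is None:
            continue
        layer = getattr(packet, "ip", None)
        if layer is None:
            layer = getattr(packet, "ipv6", None)
        src = str(layer.src) if layer is not None else "unknown"
        counts[(src, name)] += 1
    return counts


def capture_dns(interface, packet_count=10):
    import pyshark  # imported lazily so the helpers above run without TShark
    capture = pyshark.LiveCapture(interface=interface, bpf_filter="udp port 53")
    try:
        return summarize_queries(capture.sniff_continuously(packet_count=packet_count))
    finally:
        capture.close()

# Constructed stand-ins for PyShark packets (documentation address ranges).
SAMPLE = [
    NS(ip=NS(src="192.0.2.10"), dns=NS(qry_name="Example.com.", flags_response="0")),
    NS(ip=NS(src="192.0.2.53"), dns=NS(qry_name="example.com", flags_response="1")),
    NS(ip=NS(src="192.0.2.10"), dns=NS(qry_name="example.com", flags_response="False")),
    NS(ipv6=NS(src="2001:db8::5"), dns=NS(qry_name="example.org")),
    NS(ip=NS(src="192.0.2.10")),
]
```

Calling `summarize_queries(SAMPLE)` exercises the parsing offline; `capture_dns('your capture interface')` runs the same logic against live traffic.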
Here are some additional parsing examples within this repository.
Here are some additional parsing examples that I posted to GitHub Gist.
Here are some Stack Overflow answers that I posted for questions about PyShark.
TShark has to be installed and accessible via your $PATH, which Python queries for PyShark. Reference the installation section of the usage documentation for details on how to install TShark.
- PyShark: Is the Python wrapper for TShark that allows Python packet parsing using Wireshark dissectors.
- TShark: TShark is a terminal-oriented version of Wireshark designed for capturing and displaying packets when an interactive user interface isn't necessary or available.
- Wireshark: Wireshark is a network packet analysis tool that captures packets in real time and displays them in a graphic interface.
- Homebrew: Package Manager for macOS and Linux.
PyShark has limited documentation, so that is the reason why I developed the PyShark usage documentation within this repository for others to use.
The code within this repository is not production ready. It was strictly designed for experimental testing purposes only.