
tshark - get real time data for long run

Returning to 2013,

I have the same issue as mentioned:

I'd like to use tshark (on a Win 7 machine) for a long run (not 24x7, but a couple of hours) to extract some data from my custom Lua dissector. The computer where it is executed is a port monitor (i.e. there is a lot of non-relevant traffic).

I'm using the filter options with -T fields and -e for attributes to send data to stdout (Python will trigger the start of the capture, get the tshark extracted fields and parse them for further processing).

What is the best solution I have?

Is there some better solution to extract and import data to python?

BMWE
asked 2021-01-29 11:25:20 +0000


1 Answer


Limiting tsharks /tmp file uses pipes to address the issue in the 2013 question.

pyshark may help with the Python integration.

Chuckc
answered 2021-01-29 15:46:53 +0000

Comments

I'm trying to use pyshark, but it is crashing: TShark seems to have crashed (retcode: 1). Do you have any idea what could be the issue?

BMWE (2021-02-04 17:58:11 +0000)
Chuckc (2021-02-06 01:58:52 +0000)
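
The setup described in the question (tshark run with -T fields and -e, its stdout read by Python while the capture runs), as an added example that is not code from this thread. It uses a plain subprocess rather than pyshark; the field name `myproto.value` (standing in for a field of the custom Lua dissector) and the sample lines are assumptions.

```python
import subprocess

# "frame.number" and "ip.src" are standard Wireshark fields; "myproto.value"
# is a hypothetical field standing in for one from the custom Lua dissector.
FIELDS = ["frame.number", "ip.src", "myproto.value"]


def build_cmd(interface, display_filter, fields=FIELDS, tshark="tshark"):
    """Build a tshark command that prints one tab-separated row per packet."""
    cmd = [tshark, "-i", interface, "-n",
           "-l",                      # flush stdout after every packet
           "-Y", display_filter,      # only rows for the relevant traffic
           "-T", "fields", "-E", "separator=/t", "-E", "occurrence=f"]
    for name in fields:
        cmd += ["-e", name]
    return cmd


def parse_row(line, fields=FIELDS):
    """Turn one output line into a dict; fields absent in the packet are None."""
    cells = line.rstrip("\r\n").split("\t")
    cells += [""] * (len(fields) - len(cells))   # pad short rows
    return {name: (cell or None) for name, cell in zip(fields, cells)}


def rows(stream, fields=FIELDS):
    """Yield parsed rows from any iterator of lines (a pipe or a list)."""
    for line in stream:
        if line.strip():
            yield parse_row(line, fields)


def capture(interface, display_filter, fields=FIELDS):
    """Run tshark and yield rows as packets arrive; stop tshark when done."""
    # stderr is left attached to the console so tshark errors stay visible.
    proc = subprocess.Popen(build_cmd(interface, display_filter, fields),
                            stdout=subprocess.PIPE, text=True, bufsize=1)
    try:
        yield from rows(proc.stdout, fields)
    finally:
        proc.terminate()
        proc.wait()


# Constructed sample of tshark output, so the parsing can be tried offline.
SAMPLE = ["1\t10.0.0.5\t42\n", "2\t10.0.0.7\t\n", "\n"]

if __name__ == "__main__":
    for row in rows(SAMPLE):
        print(row)
```

For a live run, iterate over `capture("1", "myproto")`, where the interface and display filter are whatever the capture machine needs; breaking out of the loop and closing the generator terminates tshark.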
