我正在尝试连续嗅探数据包,同时使用 PyShark 的
LiveCapturedisplay_filterimport pyshark
interf = "Wi-Fi"
capture = pyshark.LiveCapture(interface=interf, display_filter='tcp')
try:
for packet in capture.sniff_continuously():
print(packet)
except KeyboardInterrupt:
print("Capture stopped.")
现在添加 output_file 的参数后,什么也没有发生:
import pyshark
interf = "Wi-Fi"
capture = pyshark.LiveCapture(interface=interf, display_filter='tcp', output_file="HERE.pcap")
try:
for packet in capture.sniff_continuously():
print(packet)
except KeyboardInterrupt:
print("Capture stopped.")
目前使用
pyshark==0.6后面的代码将会失败,因为使用
display_filter时无法使用
output_file
import pyshark
network_interface = 'en0'
capture = pyshark.LiveCapture(interface=network_interface, display_filter='tcp', output_file="HERE.pcap")
try:
for packet in capture.sniff_continuously():
print(packet)
except KeyboardInterrupt:
print("Capture stopped.")
这是疑点:
2024-07-08 11:38:26,984 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: /usr/local/bin/dumpcap -q -i en0 -w -
2024-07-08 11:38:26,987 - LiveCapture - DEBUG - Dumpcap subprocess (pid 75408) created
2024-07-08 11:38:27,262 - LiveCapture - DEBUG - Creating TShark subprocess with parameters: /usr/local/bin/tshark -l -n -T pdml -Y tcp -w HERE.pcap -i -
2024-07-08 11:38:27,262 - LiveCapture - DEBUG - Executable: /usr/local/bin/tshark
2024-07-08 11:38:27,264 - LiveCapture - DEBUG - Capturing on 'Wi-Fi: en0'
2024-07-08 11:38:27,264 - LiveCapture - DEBUG - File: -
2024-07-08 11:38:27,264 - LiveCapture - DEBUG - TShark subprocess (pid 75422) created
2024-07-08 11:38:27,542 - LiveCapture - DEBUG - tshark: Display filters aren't supported when capturing and saving the captured packets.
2024-07-08 11:38:27,546 - LiveCapture - DEBUG - EOF reached (sync)
2024-07-08 11:38:27,546 - LiveCapture - DEBUG - Cleanup Subprocess (pid 75422)