search

KimiNewt / pyshark

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
MIT License
2.23k stars 422 forks source link

pyshark.FileCapture not reading all packets #354

Closed SBarradas closed 2 years ago

SBarradas commented 5 years ago

When I read the file with summaries_only=True I get 182618 packets. When I read it normally without the summary option, it only returns 23014 packets and gives me this error on the debug.

[2019-07-17 15:15:44.929107] DEBUG: FileCapture: Executable: C:/Program Files/Wireshark/tshark.exe [2019-07-17 15:15:44.955037] DEBUG: FileCapture: TShark subprocess created ** ERROR:C:\buildbot\wireshark\wireshark-3.0-64\windows-2016-x64\build\epan\print.c:1716:get_field_data: code should not be reached [2019-07-17 15:15:55.905837] DEBUG: FileCapture: EOF reached (sync)

I'm using python 3.7.3 pyshark 0.4.2.3

kcexn commented 5 years ago

if you run tshark on the command line and just display summaries does it give you the right number of packets?

i.e. in a unix environment try, in windows you'll want to count how many times '' is output to the console.

tshark -r $PCAP_FILE -T psml | grep -c '<packet>'
fight-think commented 4 years ago

I also meet this problem, I use the default parameters of FileCapture and It cannot parse all the packages but only part. So how do you fix this problem @SBarradas

fight-think commented 4 years ago

When I read the file with summaries_only=True I get 182618 packets. When I read it normally without the summary option, it only returns 23014 packets and gives me this error on the debug.

[2019-07-17 15:15:44.929107] DEBUG: FileCapture: Executable: C:/Program Files/Wireshark/tshark.exe [2019-07-17 15:15:44.955037] DEBUG: FileCapture: TShark subprocess created ** ERROR:C:\buildbot\wireshark\wireshark-3.0-64\windows-2016-x64\build\epan\print.c:1716:get_field_data: code should not be reached [2019-07-17 15:15:55.905837] DEBUG: FileCapture: EOF reached (sync)

I'm using python 3.7.3 pyshark 0.4.2.3

how do you fix this problem?

tarinnn commented 2 years ago

Facing the same issue with pyshark version 0.4.5

2022-01-27 16:56:53,163 - FileCapture - DEBUG - EOF reached (sync) TShark seems to have crashed (retcode: 2). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark. Exception ignored in: <function Capture.del at 0x7fd4cd26caf0> Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/pyshark/capture/capture.py", line 445, in del self.close() File "/usr/local/lib/python3.8/dist-packages/pyshark/capture/capture.py", line 436, in close self.eventloop.run_until_complete(self.close_async()) File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete return future.result() File "/usr/local/lib/python3.8/dist-packages/pyshark/capture/capture.py", line 440, in close_async await self._cleanup_subprocess(process) File "/usr/local/lib/python3.8/dist-packages/pyshark/capture/capture.py", line 431, in _cleanup_subprocess raise TSharkCrashException("TShark seems to have crashed (retcode: %d). " pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 2). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.