search

KimiNewt / pyshark

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
MIT License
2.17k stars 414 forks source link

tshark crashes on cleanup #454

Open BMWE opened 3 years ago

BMWE commented 3 years ago 
import multiprocessing as mp
import pyshark
import pandas as pd
import time

def get_data(display_filter, df):

    cap = pyshark.LiveCapture(interface='1', 
                              display_filter=display_filter, 
                              debug=True)

    for packet1 in cap.sniff_continuously(packet_count=10):
        print(display_filter)
        print(len(packet1))    

if __name__ == '__main__':        
    df_sspd=pd.DataFrame()    
    get_data('ssdp',df_sspd)
    time.sleep(10)

I'm having wireshark 3.4.2.

And I have following error:

runfile('C:/Users/BMWE/.spyder-py3/untitled2.py', wdir='C:/Users/BMWE/.spyder-py3')
2021-02-02 09:07:10,419 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: C:/Program Files/Wireshark/dumpcap.exe -q -i 1 -w -
2021-02-02 09:07:10,419 - LiveCapture - DEBUG - Dumpcap subprocess created
2021-02-02 09:07:10,424 - LiveCapture - DEBUG - Creating TShark subprocess with parameters: C:/Program Files/Wireshark/tshark.exe -l -n -T pdml -Y ssdp -r -
2021-02-02 09:07:10,424 - LiveCapture - DEBUG - Executable: C:/Program Files/Wireshark/tshark.exe
2021-02-02 09:07:10,434 - LiveCapture - DEBUG - TShark subprocess created

Capturing on 'Ethernet 2'
File: -
ssdp
229
ssdp
229
Exception ignored in: <function Capture.__del__ at 0x000002618FCC0790>
Traceback (most recent call last):
  File "C:\Users\BMWE\anaconda3\lib\site-packages\pyshark\capture\capture.py", line 446, in __del__
    self.close()
  File "C:\Users\BMWE\anaconda3\lib\site-packages\pyshark\capture\capture.py", line 437, in close
    self.eventloop.run_until_complete(self.close_async())
  File "C:\Users\BMWE\anaconda3\lib\site-packages\nest_asyncio.py", line 96, in run_until_complete
    return f.result()
  File "C:\Users\BMWE\anaconda3\lib\asyncio\futures.py", line 178, in result
    raise self._exception
  File "C:\Users\BMWE\anaconda3\lib\asyncio\tasks.py", line 280, in __step
    result = coro.send(None)
  File "C:\Users\BMWE\anaconda3\lib\site-packages\pyshark\capture\capture.py", line 441, in close_async
    await self._cleanup_subprocess(process)
  File "C:\Users\BMWE\anaconda3\lib\site-packages\pyshark\capture\capture.py", line 432, in _cleanup_subprocess
    raise TSharkCrashException("TShark seems to have crashed (retcode: %d). "
pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
ssdp
426
ssdp
417
ssdp
426
ssdp
489
ssdp
481
ssdp
426
ssdp
465
ssdp
497
LiuZhipeng99 commented 3 years ago

same err!

BMWE commented 3 years ago

same err!

seems that the package in pypi is not updated one. I've downloaded the src from github and compared with pypi. After updating the files, it seems to work fine.

@KimiNewt , I think that you have to update the pypi with the updated package.

LiuZhipeng99 commented 3 years ago

But I have another problem after updating

 File "C:\Users\asus\AppData\Local\Programs\Python\Python36\lib\site-packages\pyshark-0.4.2.11-py3.6.egg\pyshark\tshark\tshark_xml.py", line 26, in packet_from_xml_packet
    xml_pkt = lxml.objectify.fromstring(xml_pkt, parser)
  File "src\lxml\objectify.pyx", line 1802, in lxml.objectify.fromstring
  File "src\lxml\etree.pyx", line 3211, in lxml.etree.fromstring
  File "src\lxml\parser.pxi", line 1877, in lxml.etree._parseMemoryDocument
  File "src\lxml\parser.pxi", line 1765, in lxml.etree._parseDoc
  File "src\lxml\parser.pxi", line 1127, in lxml.etree._BaseParser._parseDoc
  File "src\lxml\parser.pxi", line 601, in lxml.etree._ParserContext._handleParseResultDoc
  File "src\lxml\parser.pxi", line 711, in lxml.etree._handleParseResult
  File "src\lxml\parser.pxi", line 640, in lxml.etree._raiseParseError
  File "<string>", line 146
lxml.etree.XMLSyntaxError: Input is not proper UTF-8, indicate encoding !
Bytes: 0xE4 0x22 0x20 0x73, line 146, column 265
LiuZhipeng99 commented 3 years ago

lxml.etree.XMLSyntaxError: Input is not proper UTF-8, indicate encoding !

It seems to be the problem, that the incoming data (in XML format) is not encoded the right way and pyshark does not cast to 'UTF-8'. While debugging it posed that it appeared to be in 'latin-1'. added following line between line 26 + 27 in src\pyshark\tshark\tshark_xml.py:

xml_pkt = xml_pkt.decode('latin-1')

It worked.

misterzed88 commented 3 years ago

Looks to be a duplicate of issue #116. Created pull request #479 for a fix.