KimiNewt / pyshark

Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
MIT License

Pyshark Packet Summary Custom Fields #614

Closed fkerem closed 1 year ago

fkerem commented 1 year ago

Hi,

In Wireshark, we can add/remove columns to view in the summary line of the packet. I can also do the same thing on tshark using this command:

tshark -T fields -e field1 -e field2 -r file.pcap

The question is: how can I do that with pyshark when using FileCapture?

I tried to do that using custom parameters:

custom_params_list = ['-T', 'fields', '-e', 'frame.number', '-e', 'frame.time_relative', '-e', 'ipv6.src', '-e', 'ipv6.dst', '-e', 'wpan.src64', '-e', 'wpan.dst64']

shark_cap_summaries = pyshark.FileCapture(input_file=sys.argv[1], only_summaries=True, custom_parameters=custom_params_list)

This translates to the tshark command:

tshark -l -n -T psml -T fields -e frame.number -e frame.time_relative -e ipv6.src -e ipv6.dst -e wpan.src64 -e wpan.dst64 -e _ws.col.Protocol -e frame.len -e wpan.seq_no -e _ws.col.Info -r capture.pcap

However, I get no packets when looping through the file capture.

Any help is appreciated.

fkerem commented 1 year ago

I solved the issue with the solution here.

Thanks!
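Added example, not part of the original thread and not the solution the poster linked to: one way to get the custom columns is to run the `tshark -T fields` command from the question directly and parse its tab-separated output, which avoids the `-T psml` that appears in the translated command above. The helper names, the `-E` output options and the sample output are choices and constructed data of this example.

```python
import subprocess
import sys

# Fields from the question, in the column order tshark prints them.
FIELDS = ["frame.number", "frame.time_relative", "ipv6.src", "ipv6.dst",
          "wpan.src64", "wpan.dst64"]

# Constructed sample of `tshark -T fields` output (not from a real capture):
# packet 1 has no 64-bit destination, packet 2 carries no IPv6 at all.
SAMPLE_OUTPUT = (
    "1\t0.000000000\tfe80::1\tff02::1a\t00:12:4b:00:00:00:00:01\t\n"
    "2\t0.012345000\t\t\t00:12:4b:00:00:00:00:02\t00:12:4b:00:00:00:00:01\n"
)


def build_tshark_cmd(pcap_path, fields=FIELDS):
    """Argument list for tshark; passed without a shell, so the path is not re-parsed."""
    cmd = ["tshark", "-n", "-r", pcap_path, "-T", "fields",
           "-E", "separator=/t",   # tab-separated columns
           "-E", "occurrence=f"]   # first occurrence only, one value per column
    for name in fields:
        cmd += ["-e", name]
    return cmd


def parse_fields_output(text, fields=FIELDS):
    """One dict per packet; a field the packet lacks becomes None."""
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        cols = line.split("\t")
        if len(cols) > len(fields):
            raise ValueError(f"unexpected column count: {line!r}")
        cols += [""] * (len(fields) - len(cols))  # tolerate missing trailing columns
        rows.append({name: (value or None) for name, value in zip(fields, cols)})
    return rows


def read_summaries(pcap_path, fields=FIELDS):
    """Run tshark on a capture file and return the parsed rows."""
    result = subprocess.run(build_tshark_cmd(pcap_path, fields),
                            capture_output=True, text=True, check=True)
    return parse_fields_output(result.stdout, fields)


if __name__ == "__main__":
    source = read_summaries(sys.argv[1]) if len(sys.argv) > 1 else parse_fields_output(SAMPLE_OUTPUT)
    for row in source:
        print(row)
```

Without `-E occurrence=f`, tshark joins repeated occurrences of a field in one packet with commas in a single column, so a consumer that expects one address per column should keep that option or split on the aggregator.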