    async def _get_tshark_process(self, packet_count=None, stdin=None):
        """
        Spawn a fresh tshark subprocess configured from this object's settings.

        Args:
            packet_count: forwarded unchanged to ``get_parameters``.
            stdin: handed straight to ``asyncio.create_subprocess_exec``.

        Returns:
            The asyncio subprocess handle, after ``_created_new_process`` has
            been notified of it together with the argument vector used.

        Raises:
            TSharkVersionException: JSON output was requested but the detected
                tshark version does not support it.

        Note: the complete argument vector, including everything returned by
        ``get_parameters``, is written to the debug log before the process
        starts.
        """
        if not self.use_json:
            output_type = 'psml' if self._only_summaries else 'pdml'
        else:
            # The version probe is lazy and cached on the instance.
            if not self._tshark_version:
                self._tshark_version = get_tshark_version(self.tshark_path)
            if not tshark_supports_json(self._tshark_version):
                raise TSharkVersionException(
                    "JSON only supported on Wireshark >= 2.2.0")
            output_type = 'json'

        argv = [self._get_tshark_path(), '-l', '-n', '-T', output_type]
        argv.extend(self.get_parameters(packet_count=packet_count))

        self._log.debug('Creating TShark subprocess with parameters: %s'
                        % ' '.join(argv))
        self._log.debug('Executable: %s' % argv[0])
        proc = await asyncio.create_subprocess_exec(
            *argv,
            stdout=subprocess.PIPE,
            stderr=self._stderr_output(),
            stdin=stdin)
        self._created_new_process(argv, proc)
        return proc
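def _analyse_direction(analyser, args, heading, direction_flag, *, reset=False):
  """
  Run one analysis pass over ``args.pcap`` and print it under a banner.

  Args:
    analyser: the TrafficAnalyser instance to drive.
    args: parsed command line; only ``pcap`` and ``check_totals`` are read.
    heading: the middle line of the three-line banner printed first.
    direction_flag: second argument to ``load_capture``. ``main`` passes
      False for the server→device pass and True for device→server.
    reset: call ``analyser.reset()`` after the banner and before loading,
      so a second pass on the same analyser starts clean.
  """
  print()
  print("####################")
  print(heading)
  print("####################")
  print()
  if reset:
    analyser.reset()
  analyser.load_capture(args.pcap, direction_flag)
  analyser.analyse_capture()
  analyser.close_capture()
  analyser.print_analysis()
  if args.check_totals:
    analyser.check_totals()


def main():
  """
  Parse the command line and analyse the pcap in both traffic directions.

  Prints the tshark version in use, then one analysis pass per direction
  (server→device first, then device→server on a reset analyser).
  """
  parser = argparse.ArgumentParser()
  parser.add_argument('--pcap', help="path to pcap file", type=str, required=True)
  parser.add_argument('--server-addr', help="IP address of the server", type=str, required=True)
  parser.add_argument('--device-addr', help="IP address of the device", type=str, required=True)
  parser.add_argument('--src-addr-field', help="source address field (Wireshark notation)", type=str, required=False, default="wpan.src64")
  parser.add_argument('--dst-addr-field', help="destination address field (Wireshark notation)", type=str, required=False, default="wpan.dst64")
  parser.add_argument('--tshark', help="path to tshark binary", type=str, required=False)
  parser.add_argument('--mqtt-version', help="MQTT version to assume when parsing packets (possible options: 3.1, 3.1.1, 5.0)", type=str, required=False)
  parser.add_argument('--mqttsn-port', help="UDP port to parse as MQTT-SN", type=str, required=False)
  # store_true already defaults to False, so no separate set_defaults is needed.
  parser.add_argument('--check-totals', help="check if bytes correctly add up to the totals", dest='check_totals', action='store_true')
  parser.add_argument('--payload-analyser', help="name of module for payload analysis", type=str, required=False)
  args = parser.parse_args()

  # Probe tshark once and reuse the result for the version gate below.
  # args.tshark is None when --tshark is omitted; it is passed through as-is.
  tshark_version = get_tshark_version(args.tshark)
  print("Using tshark version {}".format(tshark_version))

  # NOTE: The preference "mqtt.default_version" is only available starting from tshark version 3.3.0. Earlier versions of tshark will crash when the preference is set.
  if tshark_version < LooseVersion("3.3.0"):
    args.mqtt_version = None

  analyser = TrafficAnalyser(args)

  _analyse_direction(analyser, args, "# Server → Device: #", False)
  _analyse_direction(analyser, args, "# Device → Server: #", True, reset=True)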
def test_get_tshark_version(mock_check_output):
    """
    ``get_tshark_version`` must extract the bare ``1.12.1`` from the banner
    that tshark prints, delivered here through the mocked ``check_output``.
    """
    banner = (
        b'TShark 1.12.1 (Git Rev Unknown from unknown)\n\n'
        b'Copyright 1998-2014 Gerald Combs <*****@*****.**> and contributors.\n'
    )
    mock_check_output.return_value = banner
    assert get_tshark_version() == '1.12.1'
    def get_parameters(self, packet_count=None):
        """
        Build the extra tshark arguments that reflect this object's configuration.

        Args:
            packet_count: when truthy, emitted as ``-c <count>``.

        Returns:
            list[str]: display filter, packet limit and 802.11 decryption
            preferences, in that order; empty when none apply.

        Note: when every entry of ``self.encryption`` is truthy, its values
        are placed on the tshark command line inside a ``uat:80211_keys``
        preference, so they are visible to anything that can read the
        process argument list.
        """
        # The display-filter switch depends on the tshark release: -Y from
        # 1.10.0 onwards, -R before that.
        modern = LooseVersion(get_tshark_version()) >= LooseVersion("1.10.0")
        filter_flag = '-Y' if modern else '-R'

        params = []
        if self.display_filter:
            params.extend([filter_flag, self.display_filter])
        if packet_count:
            params.extend(['-c', str(packet_count)])
        if all(self.encryption):
            key_pref = ''.join([
                'uat:80211_keys:"', self.encryption[1], ' ","',
                self.encryption[0], '"',
            ])
            params.extend(['-o', 'wlan.enable_decryption:TRUE', '-o', key_pref])
        return params
    def get_parameters(self, packet_count=None):
        """
        Return the tshark argument list derived from this object's settings.

        Args:
            packet_count: a truthy value adds ``-c <count>``.

        Returns:
            list[str]: possibly empty; display filter first, then the packet
            limit, then the 802.11 decryption preferences.

        Note: with ``self.encryption`` fully set, its two values end up on the
        tshark command line as a ``uat:80211_keys`` preference, where any
        process-list reader can see them.
        """
        version = LooseVersion(get_tshark_version())
        # -R was replaced by -Y as the display-filter switch in 1.10.0.
        if version >= LooseVersion("1.10.0"):
            filter_switch = '-Y'
        else:
            filter_switch = '-R'

        pieces = []
        if self.display_filter:
            pieces += [filter_switch, self.display_filter]
        if packet_count:
            pieces += ['-c', str(packet_count)]
        if all(self.encryption):
            key_pref = 'uat:80211_keys:"%s ","%s"' % (self.encryption[1],
                                                       self.encryption[0])
            pieces += ['-o', 'wlan.enable_decryption:TRUE', '-o', key_pref]
        return pieces
    async def _get_tshark_process(self, packet_count=None, stdin=None):
        """
        Launch tshark as an asyncio subprocess using the options stored on self.

        Args:
            packet_count: passed on to ``get_parameters`` untouched.
            stdin: passed on to ``asyncio.create_subprocess_exec`` untouched.

        Returns:
            The new subprocess handle; ``_created_new_process`` is called with
            the argument vector and the handle before it is returned.

        Raises:
            TSharkVersionException: JSON output requested on a tshark whose
                version does not support it.

        Note: the whole command line, including whatever ``get_parameters``
        contributes, is emitted on the debug log.
        """
        def choose_output_type():
            # Text formats need no version check; JSON does.
            if not self.use_json:
                return 'psml' if self._only_summaries else 'pdml'
            if not self._tshark_version:
                self._tshark_version = get_tshark_version(self.tshark_path)
            if not tshark_supports_json(self._tshark_version):
                raise TSharkVersionException("JSON only supported on Wireshark >= 2.2.0")
            return 'json'

        output_type = choose_output_type()
        command = [self._get_tshark_path(), '-l', '-n', '-T', output_type]
        command += self.get_parameters(packet_count=packet_count)

        self._log.debug('Creating TShark subprocess with parameters: ' + ' '.join(command))
        self._log.debug('Executable: {}'.format(command[0]))
        child = await asyncio.create_subprocess_exec(
            *command,
            stdout=subprocess.PIPE,
            stderr=self._stderr_output(),
            stdin=stdin,
        )
        self._created_new_process(command, child)
        return child
 def _get_tshark_version(self):
     """
     Return the tshark version for ``self.tshark_path``, probing it on first use.

     The value is cached in ``self.__tshark_version``; subsequent calls return
     the cached value without running the probe again.
     """
     cached = self.__tshark_version
     if cached is not None:
         return cached
     self.__tshark_version = get_tshark_version(self.tshark_path)
     return self.__tshark_version