def test_get_tshark_interfaces(mock_check_output):
mock_check_output.return_value = (
b'1. wlan0\n2. any\n3. lo (Loopback)\n4. eth0\n5. docker0\n'
)
actual = get_tshark_interfaces()
expected = ['1', '2', '3', '4', '5']
assert actual == expected
def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_summaries=False, decryption_key=None,
encryption_type='wpa-pwk', output_file=None, decode_as=None, tshark_path=None):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on or a list of names (str). If not given, runs on all interfaces.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
:param decryption_key: Optional key used to encrypt and decrypt captured traffic.
:param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or
'WPA-PWK'. Defaults to WPA-PWK).
:param tshark_path: Path of the tshark binary
:param output_file: Additionally save live captured packets to this file.
:param decode_as: A dictionary of {decode_criterion_string: decode_as_protocol} that are used to tell tshark
to decode protocols in situations it wouldn't usually, for instance {'tcp.port==8888': 'http'} would make
it attempt to decode any port 8888 traffic as HTTP. See tshark documentation for details.
"""
super(LiveCapture, self).__init__(display_filter=display_filter, only_summaries=only_summaries,
decryption_key=decryption_key, encryption_type=encryption_type,
output_file=output_file, decode_as=decode_as, tshark_path=tshark_path)
self.bpf_filter = bpf_filter
if interface is None:
self.interfaces = get_tshark_interfaces(tshark_path)
elif isinstance(interface, basestring):
self.interfaces = [interface]
else:
self.interfaces = interface
def __init__(self,
interface=None,
bpf_filter=None,
display_filter=None,
only_summaries=False,
decryption_key=None,
encryption_type='wpa-pwk',
output_file=None,
decode_as=None,
disable_protocol=None,
tshark_path=None,
override_prefs=None,
capture_filter=None,
monitor_mode=None,
use_json=False):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on or a list of names (str). If not given, runs on all interfaces.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
:param decryption_key: Optional key used to encrypt and decrypt captured traffic.
:param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or
'WPA-PWK'. Defaults to WPA-PWK).
:param output_file: Additionally save live captured packets to this file.
:param decode_as: A dictionary of {decode_criterion_string: decode_as_protocol} that are used to tell tshark
to decode protocols in situations it wouldn't usually, for instance {'tcp.port==8888': 'http'} would make
it attempt to decode any port 8888 traffic as HTTP. See tshark documentation for details.
:param tshark_path: Path of the tshark binary
:param override_prefs: A dictionary of tshark preferences to override, {PREFERENCE_NAME: PREFERENCE_VALUE, ...}.
:param capture_filter: Capture (wireshark) filter to use.
:param disable_protocol: Tells tshark to remove a dissector for a specifc protocol.
:param use_json: Uses tshark in JSON mode (EXPERIMENTAL). It is a good deal faster than XML
but also has less information. Available from Wireshark 2.2.0.
"""
super(LiveCapture, self).__init__(display_filter=display_filter,
only_summaries=only_summaries,
decryption_key=decryption_key,
encryption_type=encryption_type,
output_file=output_file,
decode_as=decode_as,
disable_protocol=disable_protocol,
tshark_path=tshark_path,
override_prefs=override_prefs,
capture_filter=capture_filter,
use_json=use_json)
self.bpf_filter = bpf_filter
self.monitor_mode = monitor_mode
if sys.platform == 'win32' and monitor_mode:
raise WindowsError(
'Monitor mode is not supported by the Windows platform')
if interface is None:
self.interfaces = get_tshark_interfaces(tshark_path)
elif isinstance(interface, str):
self.interfaces = [interface]
else:
self.interfaces = interface
def __init__(self,
interface=None,
bpf_filter=None,
display_filter=None,
only_summaries=False,
decryption_key=None,
encryption_type='wpa-pwk'):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on. If not given, takes the first available.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
:param decryption_key: Optional key used to encrypt and decrypt captured traffic.
:param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or
'WPA-PWK'. Defaults to WPA-PWK).
"""
super(LiveCapture, self).__init__(display_filter=display_filter,
only_summaries=only_summaries,
decryption_key=decryption_key,
encryption_type=encryption_type)
self.bpf_filter = bpf_filter
if interface is None:
self.interfaces = get_tshark_interfaces()
else:
self.interfaces = [interface]
def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_summaries=False):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on. If not given, takes the first available.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
"""
super(LiveCapture, self).__init__(display_filter=display_filter, only_summaries=only_summaries)
self.bpf_filter = bpf_filter
if interface is None:
self.interfaces = get_tshark_interfaces()
else:
self.interfaces = [interface]
def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_summaries=False, decryption_key=None,
encryption_type='wpa-pwk', output_file=None, decode_as=None, disable_protocol=None, tshark_path=None,
override_prefs=None, capture_filter=None, monitor_mode=None, use_json=False, include_raw=False,
eventloop=None, custom_parameters=None):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on or a list of names (str). If not given, runs on all interfaces.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
:param decryption_key: Optional key used to encrypt and decrypt captured traffic.
:param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or
'WPA-PWK'. Defaults to WPA-PWK).
:param output_file: Additionally save live captured packets to this file.
:param decode_as: A dictionary of {decode_criterion_string: decode_as_protocol} that are used to tell tshark
to decode protocols in situations it wouldn't usually, for instance {'tcp.port==8888': 'http'} would make
it attempt to decode any port 8888 traffic as HTTP. See tshark documentation for details.
:param tshark_path: Path of the tshark binary
:param override_prefs: A dictionary of tshark preferences to override, {PREFERENCE_NAME: PREFERENCE_VALUE, ...}.
:param capture_filter: Capture (wireshark) filter to use.
:param disable_protocol: Tells tshark to remove a dissector for a specifc protocol.
:param use_json: Uses tshark in JSON mode (EXPERIMENTAL). It is a good deal faster than XML
but also has less information. Available from Wireshark 2.2.0.
:param custom_parameters: A dict of custom parameters to pass to tshark, i.e. {"--param": "value"}
"""
super(LiveCapture, self).__init__(display_filter=display_filter, only_summaries=only_summaries,
decryption_key=decryption_key, encryption_type=encryption_type,
output_file=output_file, decode_as=decode_as, disable_protocol=disable_protocol,
tshark_path=tshark_path, override_prefs=override_prefs,
capture_filter=capture_filter, use_json=use_json, include_raw=include_raw,
eventloop=eventloop, custom_parameters=custom_parameters)
self.bpf_filter = bpf_filter
self.monitor_mode = monitor_mode
if sys.platform == 'win32' and monitor_mode:
raise WindowsError('Monitor mode is not supported by the Windows platform')
if interface is None:
self.interfaces = get_tshark_interfaces(tshark_path)
elif isinstance(interface, basestring):
self.interfaces = [interface]
else:
self.interfaces = interface
def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_summaries=False, decryption_key=None,
encryption_type='wpa-pwk'):
"""
Creates a new live capturer on a given interface. Does not start the actual capture itself.
:param interface: Name of the interface to sniff on. If not given, takes the first available.
:param bpf_filter: BPF filter to use on packets.
:param display_filter: Display (wireshark) filter to use.
:param only_summaries: Only produce packet summaries, much faster but includes very little information
:param decryption_key: Optional key used to encrypt and decrypt captured traffic.
:param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or
'WPA-PWK'. Defaults to WPA-PWK).
"""
super(LiveCapture, self).__init__(display_filter=display_filter, only_summaries=only_summaries,
decryption_key=decryption_key, encryption_type=encryption_type)
self.bpf_filter = bpf_filter
if interface is None:
self.interfaces = get_tshark_interfaces()
else:
self.interfaces = [interface]
