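async def _get_tshark_process(self, packet_count=None, stdin=None):
    """Start a new tshark subprocess using the parameters configured on this object.

    Args:
        packet_count: optional packet cap, forwarded to ``self.get_parameters``.
        stdin: value handed to ``asyncio.create_subprocess_exec`` as the child's stdin.

    Returns:
        The ``asyncio`` process object for the freshly started tshark.

    Raises:
        TSharkVersionException: JSON output was requested but the detected tshark
            version does not support it.
    """
    if self.use_json:
        output_type = 'json'
        # The version is resolved lazily and cached on the instance; JSON output
        # is only offered by newer tshark releases.
        if not self._tshark_version:
            self._tshark_version = get_tshark_version(self.tshark_path)
        if not tshark_supports_json(self._tshark_version):
            raise TSharkVersionException(
                "JSON only supported on Wireshark >= 2.2.0")
    else:
        output_type = 'psml' if self._only_summaries else 'pdml'

    parameters = [self._get_tshark_path(), '-l', '-n', '-T', output_type] + \
        self.get_parameters(packet_count=packet_count)

    # get_parameters() may append an '-o uat:80211_keys:...' preference that
    # carries 802.11 decryption key material. Mask that argument before logging
    # so the secret does not end up in debug output; the real argv is unchanged.
    loggable = [
        'uat:80211_keys:<redacted>' if p.startswith('uat:80211_keys:') else p
        for p in parameters
    ]
    self._log.debug('Creating TShark subprocess with parameters: %s', ' '.join(loggable))
    self._log.debug('Executable: %s', parameters[0])

    # Arguments are passed as a list (no shell), so no shell quoting is involved.
    tshark_process = await asyncio.create_subprocess_exec(
        *parameters, stdout=subprocess.PIPE, stderr=self._stderr_output(), stdin=stdin)
    self._created_new_process(parameters, tshark_process)
    return tshark_process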
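def _run_pass(analyser, args, banner_line, load_flag):
    """Analyse one traffic direction and print its results.

    Args:
        analyser: a TrafficAnalyser that has already been constructed (and reset
            if it was used before).
        args: the parsed command-line namespace (uses ``pcap`` and ``check_totals``).
        banner_line: the middle line of the three-line banner printed first.
        load_flag: second argument of ``analyser.load_capture`` — presumably
            selects the traffic direction; confirm against TrafficAnalyser.
    """
    print()
    print("####################")
    print(banner_line)
    print("####################")
    print()
    analyser.load_capture(args.pcap, load_flag)
    analyser.analyse_capture()
    analyser.close_capture()
    analyser.print_analysis()
    if args.check_totals:
        analyser.check_totals()


def main():
    """Parse the command line and analyse the pcap in both traffic directions.

    The server→device pass runs first; the analyser is then reset and the
    device→server pass runs. With ``--check-totals`` each pass also verifies
    that the per-category byte counts add up.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('--pcap', help="path to pcap file", type=str, required=True)
    parser.add_argument('--server-addr', help="IP address of the server", type=str, required=True)
    parser.add_argument('--device-addr', help="IP address of the device", type=str, required=True)
    parser.add_argument('--src-addr-field', help="source address field (Wireshark notation)",
                        type=str, required=False, default="wpan.src64")
    parser.add_argument('--dst-addr-field', help="destination address field (Wireshark notation)",
                        type=str, required=False, default="wpan.dst64")
    parser.add_argument('--tshark', help="path to tshark binary", type=str, required=False)
    parser.add_argument('--mqtt-version',
                        help="MQTT version to assume when parsing packets (possible options: 3.1, 3.1.1, 5.0)",
                        type=str, required=False)
    parser.add_argument('--mqttsn-port', help="UDP port to parse as MQTT-SN", type=str, required=False)
    parser.add_argument('--check-totals', help="check if bytes correctly add up to the totals",
                        dest='check_totals', action='store_true')
    parser.add_argument('--payload-analyser', help="name of module for payload analysis",
                        type=str, required=False)
    parser.set_defaults(check_totals=False)
    args = parser.parse_args()

    # Ask the tshark binary for its version once and reuse the answer, instead of
    # spawning tshark a second time for the version gate below.
    tshark_version = get_tshark_version(args.tshark)
    print("Using tshark version {}".format(tshark_version))

    # NOTE: The preference "mqtt.default_version" is only available starting from
    # tshark version 3.3.0. Earlier versions of tshark will crash when the
    # preference is set.
    if tshark_version < LooseVersion("3.3.0"):
        args.mqtt_version = None

    analyser = TrafficAnalyser(args)
    _run_pass(analyser, args, "# Server → Device: #", False)
    analyser.reset()
    _run_pass(analyser, args, "# Device → Server: #", True)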
def test_get_tshark_version(mock_check_output):
    """get_tshark_version() should pull the bare version number out of tshark's banner."""
    banner = (
        b'TShark 1.12.1 (Git Rev Unknown from unknown)\n\n'
        b'Copyright 1998-2014 Gerald Combs <*****@*****.**> and contributors.\n'
    )
    # The mocked check_output stands in for running the tshark binary.
    mock_check_output.return_value = banner
    assert get_tshark_version() == '1.12.1'
def get_parameters(self, packet_count=None):
    """Return the extra tshark arguments implied by this object's configuration.

    Args:
        packet_count: when truthy, limit the run with ``-c <packet_count>``.

    Returns:
        A list of argv strings to append to the base tshark invocation.
    """
    # The display-filter flag depends on the tshark release: -Y from 1.10.0
    # onwards, -R for older versions.
    installed = LooseVersion(get_tshark_version())
    filter_flag = '-Y' if installed >= LooseVersion("1.10.0") else '-R'

    params = []
    if self.display_filter:
        params.extend([filter_flag, self.display_filter])
    if packet_count:
        params.extend(['-c', str(packet_count)])
    # Both elements of self.encryption must be set before the 802.11 decryption
    # preference is emitted. The key material is placed on the command line, so
    # it is readable by anything that can inspect this process's argv and by
    # callers that log the returned parameters.
    # NOTE(review): the literal ' ","' puts a space inside the first uat cell —
    # confirm that spacing is intended.
    if all(self.encryption):
        uat_row = 'uat:80211_keys:"' + self.encryption[1] + ' ","' + self.encryption[0] + '"'
        params.extend(['-o', 'wlan.enable_decryption:TRUE', '-o', uat_row])
    return params
def get_parameters(self, packet_count=None):
    """Return the extra tshark arguments implied by this object's configuration.

    Args:
        packet_count: when truthy, limit the run with ``-c <packet_count>``.

    Returns:
        A list of argv strings to append to the base tshark invocation.
    """
    # The display-filter flag depends on the tshark release: -Y from 1.10.0
    # onwards, -R for older versions.
    installed = LooseVersion(get_tshark_version())
    filter_flag = '-Y' if installed >= LooseVersion("1.10.0") else '-R'

    params = []
    if self.display_filter:
        params.extend([filter_flag, self.display_filter])
    if packet_count:
        params.extend(['-c', str(packet_count)])
    # Both elements of self.encryption must be set before the 802.11 decryption
    # preference is emitted. The key material is placed on the command line, so
    # it is readable by anything that can inspect this process's argv and by
    # callers that log the returned parameters.
    # NOTE(review): the literal ' ","' puts a space inside the first uat cell —
    # confirm that spacing is intended.
    if all(self.encryption):
        uat_row = 'uat:80211_keys:"' + self.encryption[1] + ' ","' + self.encryption[0] + '"'
        params.extend(['-o', 'wlan.enable_decryption:TRUE', '-o', uat_row])
    return params
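async def _get_tshark_process(self, packet_count=None, stdin=None):
    """Start a new tshark subprocess using the parameters configured on this object.

    Args:
        packet_count: optional packet cap, forwarded to ``self.get_parameters``.
        stdin: value handed to ``asyncio.create_subprocess_exec`` as the child's stdin.

    Returns:
        The ``asyncio`` process object for the freshly started tshark.

    Raises:
        TSharkVersionException: JSON output was requested but the detected tshark
            version does not support it.
    """
    if self.use_json:
        output_type = 'json'
        # The version is resolved lazily and cached on the instance; JSON output
        # is only offered by newer tshark releases.
        if not self._tshark_version:
            self._tshark_version = get_tshark_version(self.tshark_path)
        if not tshark_supports_json(self._tshark_version):
            raise TSharkVersionException("JSON only supported on Wireshark >= 2.2.0")
    else:
        output_type = 'psml' if self._only_summaries else 'pdml'

    parameters = [self._get_tshark_path(), '-l', '-n', '-T', output_type] + \
        self.get_parameters(packet_count=packet_count)

    # get_parameters() may append an '-o uat:80211_keys:...' preference that
    # carries 802.11 decryption key material. Mask that argument before logging
    # so the secret does not end up in debug output; the real argv is unchanged.
    loggable = [
        'uat:80211_keys:<redacted>' if p.startswith('uat:80211_keys:') else p
        for p in parameters
    ]
    self._log.debug('Creating TShark subprocess with parameters: %s', ' '.join(loggable))
    self._log.debug('Executable: %s', parameters[0])

    # Arguments are passed as a list (no shell), so no shell quoting is involved.
    tshark_process = await asyncio.create_subprocess_exec(
        *parameters, stdout=subprocess.PIPE, stderr=self._stderr_output(), stdin=stdin)
    self._created_new_process(parameters, tshark_process)
    return tshark_process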
def _get_tshark_version(self):
    """Return the tshark version, resolving it from ``self.tshark_path`` on first use.

    The result is memoised in ``self.__tshark_version`` so the tshark binary is
    only queried once per instance.
    """
    cached = self.__tshark_version
    if cached is None:
        cached = get_tshark_version(self.tshark_path)
        self.__tshark_version = cached
    return cached