

Python pyshark.LiveCapture方法代码示例

本文整理汇总了Python中pyshark.LiveCapture方法的典型用法代码示例。如果您正苦于以下问题:Python pyshark.LiveCapture方法的具体用法?Python pyshark.LiveCapture怎么用?Python pyshark.LiveCapture使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在pyshark的用法示例。


在下文中一共展示了pyshark.LiveCapture方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: capture_on_interface

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
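def capture_on_interface(interface, name, timeout=60):
    """
    Capture live traffic on an interface into a pcap file under ``tmp``.

    The capture stops once ``timeout`` seconds have elapsed or the pcap file
    has grown past ``const.PT_MAX_BYTES``. Both limits are checked inside the
    per-packet loop, so they are only evaluated when a packet arrives, and a
    yielded item that is not a pyshark Packet skips both checks.

    :param interface: The name of the interface on which to capture traffic
    :param name: The name of the capture file. It is joined onto the relative
        ``tmp`` directory unchanged, so callers should pass a bare file name
        they control rather than a value taken from untrusted input.
    :param timeout: A limit in seconds specifying how long to capture traffic
    :return: size of the capture file in bytes, or None when ``timeout`` is
        below 15 and nothing is captured
    """

    if timeout < 15:
        logger.error("Timeout must be over 15 seconds.")
        return
    if not sys.warnoptions:
        # Process-wide side effect: silences every warning category unless the
        # interpreter was started with explicit -W options.
        warnings.simplefilter("ignore")
    start = time.time()
    widgets = [
        progressbar.Bar(marker=progressbar.RotatingMarker()),
        ' ',
        progressbar.FormatLabel('Packets Captured: %(value)d'),
        ' ',
        progressbar.Timer(),
    ]
    progress = progressbar.ProgressBar(widgets=widgets)
    # Build the output path once; it is relative to the current working directory.
    pcap_path = os.path.join('tmp', name)
    capture = pyshark.LiveCapture(interface=interface, output_file=pcap_path)
    pcap_size = 0
    try:
        for i, packet in enumerate(capture.sniff_continuously()):
            progress.update(i)
            pcap_size = os.path.getsize(pcap_path)
            if not isinstance(packet, pyshark.packet.packet.Packet):
                continue
            if time.time() - start > timeout:
                break
            if pcap_size > const.PT_MAX_BYTES:
                break
    finally:
        # Always release the capture, including when the loop raises, so the
        # capture object is not left open after an error.
        capture.clear()
        capture.close()
    return pcap_size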
开发者ID:PacketTotal,项目名称:HoneyBot,代码行数:38,代码来源:utils.py

示例2: listen_on_interface

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
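def listen_on_interface(interface, timeout=60):
    """
    Yield packets captured live on an interface.

    :param interface: The name of the interface on which to capture traffic
    :param timeout: Seconds after which iteration stops; a falsy value
        disables the limit. The check runs once per yielded packet, so it is
        only evaluated when traffic arrives.
    :return: generator containing live packets
    """

    start = time.time()
    capture = pyshark.LiveCapture(interface=interface)

    try:
        for item in capture.sniff_continuously():
            if timeout and time.time() - start > timeout:
                break
            yield item
    finally:
        # Runs on timeout, on an error and when the consumer closes the
        # generator early, so the capture is closed in every case.
        capture.close()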
开发者ID:PacketTotal,项目名称:HoneyBot,代码行数:15,代码来源:utils.py

示例3: run

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
def run(self):
        """
        Capture DNS traffic (BPF filter "udp port 53") and queue every packet.

        The interface name comes from the "network_interface" config option;
        the value "any" is translated to None before it is handed to pyshark.
        Each captured packet is wrapped with mq(...), passed to
        self.add_to_ultra_mq(), and then self.global_break() is called.

        Every failure path prints a message and calls sys.exit(0).
        NOTE(review): the exit status is 0 even though these are error paths,
        so a supervisor watching the exit code cannot tell failure from a
        clean stop — confirm that this is intended.
        """
        iface = self.get_config_option("network_interface")
        if iface is None:
            print("You didn't specify network_inteface in configuration file for feeder_tshark plugin.")
            sys.exit(0)
        if iface == "any":
            iface = None

        try:
            dns_capture = pyshark.LiveCapture(interface=iface, bpf_filter="udp port 53")
        except Exception:
            # The original author marked this handler as NOT WORKING.
            print("Cannot start capturing events with tshark. Interface choosen: {}".format(iface))
            sys.exit(0)

        try:
            for dns_packet in dns_capture.sniff_continuously():
                feeder_name = self.getName()
                seen_at = NiceDate.naive_datetime_localize(dns_packet.sniff_time)
                event_key = generate_mq_key(dns_packet, None)
                event = mq(dns_packet, TYPE_NETWORK_PACKET, feeder_name, seen_at, event_key, None)
                self.add_to_ultra_mq(event)
                self.global_break()
        except Exception as capture_error:
            # The original author marked this handler as NOT WORKING.
            print("Error when capturing events with tshark. Interface choosen: {}".format(iface))
            print(capture_error)
            sys.exit(0)
# 'add_field', 'all_fields', 'alternate_fields', 'base16_value', 'binary_value',
            # 'capitalize', 'center', 'count', 'decode', 'encode', 'endswith',
            # 'expandtabs', 'fields', 'find', 'format', 'get_default_value',
            # 'hex_value', 'hide', 'index', 'int_value', 'isalnum', 'isalpha',
            # 'isdigit', 'islower', 'isspace', 'istitle', 'isupper', 'join',
            # 'ljust', 'lower', 'lstrip', 'main_field', 'name', 'partition',
            # 'pos', 'raw_value', 'replace', 'rfind', 'rindex', 'rjust',
            # 'rpartition', 'rsplit', 'rstrip', 'show', 'showname',
            # 'showname_key', 'showname_value', 'size', 'split',
            # 'splitlines', 'startswith', 'strip', 'swapcase',
            # 'title', 'translate', 'unmaskedvalue', 'upper',
            # 'zfill'] 
开发者ID:yarox24,项目名称:attack_monitor,代码行数:42,代码来源:feeder_tshark.py

示例4: scan_passive

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
def scan_passive(self, interface: str):
        """
        Print every packet yielded by a live capture that uses the 'rtps' display filter.

        Nothing is transmitted by this method; it only iterates the capture
        object and prints what it yields.

        :param interface: name of the network interface to capture on
        """
        rtps_capture = pyshark.LiveCapture(interface=interface, display_filter='rtps')
        for rtps_packet in rtps_capture:
            print(rtps_packet)
开发者ID:aliasrobotics,项目名称:aztarna,代码行数:5,代码来源:scanner.py

示例5: kerbsniff

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
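def kerbsniff(interface, username, domain, realm):
	"""
	Watch Kerberos traffic (BPF filter 'tcp port 88') for use of a honeytoken account.

	For every captured packet that has a 'kerberos' layer, kerb_handler() is
	asked for an encrypted timestamp tied to the given domain and username.
	When one is returned it is forwarded to notifyMaster() if
	config.master_node is set, otherwise queued with cracker.enqueueJob().

	:param interface: name of the interface to capture on
	:param username: honeytoken user name to look for
	:param domain: honeytoken domain to look for
	:param realm: not used in this function body
	"""

	# The backslash is escaped explicitly: "\%" is an invalid escape sequence
	# and newer Python versions warn about it. The logged text is unchanged.
	logging.info("kerbsniff: Looking for %s\\%s on %s", domain, username, interface)

	filtered_cap = pyshark.LiveCapture(interface, bpf_filter='tcp port 88')

	# sniff_continuously() keeps yielding packets, so this loop does not end on its own
	for packet in filtered_cap.sniff_continuously():

		encTimestamp = None
		try:
			# Raises KeyError when the packet carries no kerberos layer
			kp = packet['kerberos']

			# Extract encrypted timestamp for Kerberos Preauthentication packets
			# that contain the honeytoken domain and username
			encTimestamp = kerb_handler(kp, domain, username)
		except KeyError:
			# NOTE(review): a KeyError raised inside kerb_handler is swallowed
			# here as well, so a parsing problem there would go unnoticed.
			pass

		# Only attempt to decrypt a password or notify master if we find an encrypted timestamp
		if encTimestamp:

			if config.master_node:
				notifyMaster(username, domain, encTimestamp)
			else:
				cracker.enqueueJob(username, domain, encTimestamp, passwordHit)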
开发者ID:secureworks,项目名称:dcept,代码行数:33,代码来源:dcept.py

示例6: start_live_capture

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
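def start_live_capture(self):
        """
        Start capture procedure of packets over listener

        Sniffs for self.timeout seconds with the interface, JSON/raw options,
        output pcap file name and display filter configured on this object,
        then stores the captured packets on self.captured_packets.

        :return: None since captured packets are saved internally
        """
        capture = pyshark.LiveCapture(interface=self.interface, use_json=self.use_json, include_raw=self.include_raw,
                                      output_file=self.output_pcap_filename, display_filter=self.display_filter)
        try:
            capture.sniff(timeout=self.timeout)
            # NOTE(review): _packets is a private attribute of the capture
            # object; this depends on pyshark internals staying as they are.
            self.captured_packets = capture._packets
            logger.info("{0} packets are captured.".format(len(self.captured_packets)))
        finally:
            # Close the capture even when sniffing fails, so it is not left open.
            capture.close()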
开发者ID:yakuza8,项目名称:peniot,代码行数:13,代码来源:generic_sniffer.py

示例7: get_packets

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
def get_packets(
        timeout=50,
        interface=None,
        bpf_filter=None,
        display_filter="tcp.port == 80",
        tshark_path=None,
        output_file=None,
    ):
        """
        Sniff an interface with tshark (via pyshark) and return the capture.

        Args:
        timeout: An integer. Number of seconds to sniff for; 50 by default.
        interface: A string. Name of the interface to sniff on. Required.
        bpf_filter: A string. Capture filter in BPF syntax, e.g. 'tcp port 80'.
                    It restricts which packets are captured at all. See
                    https://wiki.wireshark.org/CaptureFilters.
        display_filter: A string, 'tcp.port == 80' by default. See
                        https://wiki.wireshark.org/DisplayFilters.
                        NOTE(review): this argument is accepted but is not
                        passed to LiveCapture below, so it has no effect here.
                        With bpf_filter left as None nothing in this function
                        narrows the capture, and output_file may then hold
                        more traffic than the default suggests.
        tshark_path: Path to the tshark binary. E.g. '/usr/local/bin/tshark'.
        output_file: A string. Path, including the file name, that the capture
                     is saved to. E.g. '/tmp/mycapture.cap'

        Returns:
        capture: The 'pyshark.capture.live_capture.LiveCapture' object after sniffing.
        length: An integer. len() of that capture object.

        Raises:
        Exception: when no interface is given.
        """
        # Guard clause: nothing can be sniffed without an interface name.
        if interface is None:
            raise Exception("Please provide the interface used.")

        live = pyshark.LiveCapture(
            output_file=output_file,
            tshark_path=tshark_path,
            bpf_filter=bpf_filter,
            interface=interface,
        )
        live.sniff(timeout=timeout)
        return live, len(live)
开发者ID:OpenMined,项目名称:PySyft,代码行数:48,代码来源:metrics.py

示例8: __init__

# 需要导入模块: import pyshark [as 别名]
# 或者: from pyshark import LiveCapture [as 别名]
def __init__(
            self,
            filters: str = None,
            src_file: str = None,
            dest_file: str = None,
            interfaces: list = None,
            limit_length: int = None,
            pkt_count: int = None,
            callback=None
    ):
        """
        Set up a packet capture, reading from a pcap file or sniffing live.

        :param filters: display filter, see https://wiki.wireshark.org/DisplayFilters
        :param src_file: The .pcap file to read the captured packets from (or None, for live sniffing)
        :param dest_file: The file to write the .pcap of the captured packets to (or None)
        :param interfaces: The list of interfaces to sniff (or None, to sniff all interfaces)
        :param limit_length: The limit length of each packet field (they will be truncated), or None;
                             this method only stores the value
        :param pkt_count: Max packets to sniff, or None
        :param callback: The callback method to call (or None) (@see PcapSniffer._user_callback_example)
        :raises RuntimeError: when PcapSniffer.is_executable() reports that the sniffer cannot run
        """
        if not PcapSniffer.is_executable():
            raise RuntimeError('Unable to execute pcap sniffer')

        # Counters: packets sniffed so far and the optional upper bound
        self.count = 0
        self.max_count = pkt_count

        # Original author's note on the filter: prevents the mac manufacturer lookup sniffing
        self.filters = PcapSniffer._get_filters(filters)

        # Remaining constructor arguments are stored unchanged
        self.interfaces = interfaces
        self.user_callback = callback
        self.limit_length = limit_length
        self.dest_file = dest_file
        self.src_file = src_file

        Log.info('Analyzing filters: ' + str(self.filters))

        # include_raw, use_json and debug stay at pyshark's defaults in both
        # branches; the original left them commented out.
        if self.src_file is None:
            Log.info('Analyzing live traffic')
            self._capture = pyshark.LiveCapture(
                interface=self.interfaces,
                display_filter=self.filters,
                output_file=self.dest_file,
            )
            return

        Log.info('Analyzing file: ' + self.src_file)
        self._capture = pyshark.FileCapture(
            input_file=self.src_file,
            display_filter=self.filters,
            output_file=self.dest_file,
        )
开发者ID:offensive-hub,项目名称:black-widow,代码行数:54,代码来源:pcap_sniffer.py


注:本文中的pyshark.LiveCapture方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。