Stop a Live Capture #92
Comments
|
tshark is creating the temp file. I worked around this by using a ring buffer to tshark params: This will output to stdout and save to a 1MB temp file. You'll probably need to branch pyshark and change the subprocess parameters. |
|
Hi, @llchen223 what do you mean by "branch pyshark and change the subprocess parameters" ? thanks |
|
I mean you will need to modify the pyshark source code yourself with what I
|
|
That's what I thought. I'm going to change that if I can and will do a pull request if it's good enough, thanks anyway. |
|
You can also subclass LiveCapture and override the get_parameters() function, adding your own parameters. If you can do a PR with a function for setting extra parameters I will improve it (apologies for not fixing things myself, v. busy atm). |
|
I'm pretty busy right now, but maybe I'll later. But instead of kill tshark with a async coroutine or I-don't-know-what-sort-of-complicated-things. You can just pass -a duration:XX where is XX is second. |
|
I made PR. thanks On Tue, Nov 17, 2015 at 12:50 AM, Dor Green notifications@github.com
|
|
Hi, |
|
How do I fix this issue? Packet count or limit doesn't seem to be working |
Hi,
I just start with pyshark, and try to get a living capture. Here is the basic commands I use :
import pyshark
capture = pyshark.LiveCapture(interface='eth0')
capture.sniff(timeout=5)
By doing this, I get a capture of 5 seconds, that's ok.
The only problem I have, is that tshark continues to run in background, and doesn't stop to fill a temporary file in /tmp/ (named wireshark_pcapng_eth0_* with * the date and a sort of id).
The only way I have, to stop the tshark binary, is to stop my python script execution, but the tmp files are still existing.
So my question are :
Thanks,
Romain.
The text was updated successfully, but these errors were encountered: