-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop a Live Capture #92
Comments
tshark is creating the temp file. I worked around this by using a ring buffer to tshark params: This will output to stdout and save to a 1MB temp file. You'll probably need to branch pyshark and change the subprocess parameters. |
Hi, @llchen223 what do you mean by "branch pyshark and change the subprocess parameters" ? thanks |
I mean you will need to modify the pyshark source code yourself with what I
|
That's what I thought. I'm going to change that if I can and will do a pull request if it's good enough, thanks anyway. |
You can also subclass LiveCapture and override the get_parameters() function, adding your own parameters. If you can do a PR with a function for setting extra parameters I will improve it (apologies for not fixing things myself, v. busy atm). |
I'm pretty busy right now, but maybe I'll later. But instead of kill tshark with a async coroutine or I-don't-know-what-sort-of-complicated-things. You can just pass -a duration:XX where is XX is second. |
I made PR. thanks On Tue, Nov 17, 2015 at 12:50 AM, Dor Green notifications@github.com
|
Hi, |
How do I fix this issue? Packet count or limit doesn't seem to be working |
Hi,
I just start with pyshark, and try to get a living capture. Here is the basic commands I use :
import pyshark
capture = pyshark.LiveCapture(interface='eth0')
capture.sniff(timeout=5)
By doing this, I get a capture of 5 seconds, that's ok.
The only problem I have, is that tshark continues to run in background, and doesn't stop to fill a temporary file in /tmp/ (named wireshark_pcapng_eth0_* with * the date and a sort of id).
The only way I have, to stop the tshark binary, is to stop my python script execution, but the tmp files are still existing.
So my question are :
Thanks,
Romain.
The text was updated successfully, but these errors were encountered: