This entry is part 3 of 4 in the series Intro to PyShark

Before we get started you should read a few things in this post about the differences here between the current version of PyShark (0.3.3) and the documentation on the website. Everything I cover in this post will be things I’ve tested and confirmed work in the current version.

Now that we know how to use the FileCapture and LiveCapture modules to capture some packets, let’s see what options we have with the returned capture object (truncated list for brevity):

These are the methods/attributes that I feel are actually useful, most of the other ones are used for debugging or internally for the capture process. The display_filter, encryption, input_filename attributes are used for displaying parameters passed into  FileCapture or LiveCapture.

The real magic here is the apply_on_packets() and next() methods. Iteration (via for loop) is available because of the next() method, and apply_on_packets() is another way to iterate through the packets, passing in a function to apply to each packet:

This can also be used for things other than printing, such as adding the packets to a list for counting or other processing. Here’s a script that will append all the packets to a list and print the count:

Check out the next PyShark article that covers the methods and attributes of the PyShark packet object.

Series Navigation<< PyShark – FileCapture and LiveCapture modulesPyShark – Using the packet Object >>

This article has 1 comments

  1. Pingback: PyShark – FileCapture and LiveCapture modules | thePacketGeek

Leave a Reply

Your email address will not be published. Required fields are marked *