0

tshark - get real time data for long run

tshark

asked 2021-01-29 11:25:20 +0000

1 ●9 ●16 ●19

Returning to 2013,

I have same issue as mentioned:

I'd like to use tshark (on win 7 machine) for long time running (not 24x7, but couple of hours) for extracting some data from my custom lua dissector. The computer where it is executed is a port monitor (i.e. there is a lot of non relevant traffic).

I'm using the filter options with -T fields and -e for attributes to send data to stdout (python will trigger start of the capture, get the tshark extracted fields and parse it for further process).

What is the best solution I have?

Is there some better solution to extract and import data to python?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

0

answered 2021-01-29 15:46:53 +0000

Chuckc
2858 ●5 ●568 ●19

Limiting tsharks /tmp file uses pipes to address the issue in 2013 question.

pyshark may help with the python integration.

edit flag offensive delete link

Comments

I'm trying to use pyshark, but it is crashing: TShark seems to have crashed (retcode: 1). Do you have any idea what could be the issue?

BMWE ( 2021-02-04 17:58:11 +0000 )edit

After updating the files, it seems to work fine.

Chuckc ( 2021-02-06 01:58:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2021-01-29 11:25:20 +0000

Seen: 388 times

Last updated: Jan 29 '21

Related questions

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2