How to use pyshark - 10 common examples

def test_capture_gets_decoding_parameters():
    c = Capture(decode_as={'tcp.port==8888': 'http'})
    params = c.get_parameters()
    decode_index = params.index('-d')
    assert params[decode_index + 1] == 'tcp.port==8888,http'

def test_capture_gets_multiple_decoding_parameters():
    c = Capture(decode_as={'tcp.port==8888': 'http', 'tcp.port==6666': 'dns'})
    params = c.get_parameters()
    decode_index = params.index('-d')
    possible_results = ['tcp.port==8888,http', 'tcp.port==6666,dns']
    assert params[decode_index + 1] in possible_results  
    possible_results.remove(params[decode_index + 1])
    decode_index = params.index('-d', decode_index + 1)
    assert params[decode_index + 1] == possible_results[0]

def test_get_display_filter_flag():
    actual = get_tshark_display_filter_flag(LooseVersion('1.10.0'))
    expected = '-Y'
    assert actual == expected

    actual = get_tshark_display_filter_flag(LooseVersion('1.6.0'))
    expected = '-R'
    assert actual == expected

def test_getting_packet_summary(simple_summary_capture):
    assert isinstance(simple_summary_capture[0], PacketSummary)

    # Since we cannot check the exact fields since they're dependent on wireshark configuration,
    # we'll at least make sure some data is in.
    assert simple_summary_capture[0]._fields

def test_get_tshark_version(mock_check_output):
    mock_check_output.return_value = (
        b'TShark 1.12.1 (Git Rev Unknown from unknown)\n\n'b'Copyright '
        b'1998-2014 Gerald Combs  and contributors.\n'
    )
    actual = get_tshark_version()
    expected = '1.12.1'
    assert actual == expected

def inmem_capture():
    return pyshark.InMemCapture()

def test_get_tshark_path(mock_exists):
    mock_exists.return_value = True
    actual = get_process_path("/some/path/tshark")
    expected = "/some/path/tshark"
    assert actual == expected

def test_get_tshark_interfaces(mock_check_output):
    mock_check_output.return_value = (
        b'1. wlan0\n2. any\n3. lo (Loopback)\n4. eth0\n5. docker0\n'
    )
    actual = get_tshark_interfaces()
    expected = ['1', '2', '3', '4', '5']
    assert actual == expected

parser.add_argument("-i", "--interface", help="chose interface", action="store", dest='interface')
    parser.add_argument("-r", "--ring", help="activate ring buffer", action="store_true",
                        default=False)

    args = parser.parse_args()

    # live ring capture
    if args.ring:
        logger.info("Starting Live Ring Capture on " + args.interface)
        cap = pyshark.LiveRingCapture(interface=args.interface, only_summaries=True, ring_file_size=4096,
                                      num_ring_files=50, ring_file_name='./db/pcap/pci.pcapng')
        packet_analysis_live(cap)
    # live capture
    elif args.interface:
        logger.info("Starting Live Capture on " + args.interface)
        cap = pyshark.LiveCapture(interface=args.interface, only_summaries=True)
        packet_analysis_live(cap)

    # pcap
    elif args.filepath:
        logger.info("Starting pcap analysis on " + args.filepath)
        cap = pyshark.FileCapture(input_file=args.filepath, only_summaries=True)
        packet_analysis(cap)

    else:
        parser.print_help()
    sys.exit()

global ssnets
	ssnets=IPSet(snets)
		
	if args.udpport is not None:
		cfilter='udp portrange '+args.udpport
	elif args.tcpport is not None:
		cfilter='tcp portrange '+args.tcpport
	else:
		cfilter='ip'
	
	cint=args.interface
	global start
	start = utils.current_time()
	print('Filter: %s on %s'%(cfilter,cint))
	try:
		capture = pyshark.LiveCapture(interface=cint,bpf_filter=cfilter)
		capture.apply_on_packets(pkt_callback)
		print(inter_interval_down)
		print(inter_interval_up)
	except KeyboardInterrupt:
		sys.exit(0)