def test_capture_gets_decoding_parameters():
    """A single ``decode_as`` entry becomes one ``-d`` flag followed by ``selector,protocol``."""
    capture = Capture(decode_as={'tcp.port==8888': 'http'})
    tshark_args = capture.get_parameters()
    flag_pos = tshark_args.index('-d')
    # The selector and protocol must arrive as ONE list element right after the
    # flag; pinning the exact string catches any change in how the pair is joined.
    assert tshark_args[flag_pos + 1] == 'tcp.port==8888,http'
def test_capture_gets_multiple_decoding_parameters():
    """Two ``decode_as`` entries yield two ``-d`` flags, one per mapping, in either order."""
    capture = Capture(decode_as={'tcp.port==8888': 'http', 'tcp.port==6666': 'dns'})
    tshark_args = capture.get_parameters()

    # Expected values still waiting to be matched; order of emission is not fixed.
    unmatched = ['tcp.port==8888,http', 'tcp.port==6666,dns']

    first_flag = tshark_args.index('-d')
    first_value = tshark_args[first_flag + 1]
    assert first_value in unmatched
    unmatched.remove(first_value)

    # Search strictly after the first flag so the same occurrence is not found twice.
    second_flag = tshark_args.index('-d', first_flag + 1)
    assert tshark_args[second_flag + 1] == unmatched[0]
def test_get_display_filter_flag():
    """The display-filter switch is ``-Y`` for tshark 1.10.0 and ``-R`` for tshark 1.6.0."""
    # NOTE(review): if LooseVersion is distutils.version.LooseVersion, that module
    # is no longer in the standard library from Python 3.12 on; confirm the import.
    cases = (
        ('1.10.0', '-Y'),
        ('1.6.0', '-R'),
    )
    for raw_version, wanted_flag in cases:
        assert get_tshark_display_filter_flag(LooseVersion(raw_version)) == wanted_flag
def test_getting_packet_summary(simple_summary_capture):
    """The first item of a summary-only capture is a populated ``PacketSummary``."""
    is_summary = isinstance(simple_summary_capture[0], PacketSummary)
    assert is_summary
    # The exact columns depend on the local Wireshark configuration, so the test
    # only requires that the summary carries some field data at all.
    populated_fields = simple_summary_capture[0]._fields
    assert populated_fields
def test_get_tshark_version(mock_check_output):
    """The version number is extracted from a canned tshark version banner.

    ``mock_check_output`` is presumably the patched process-output call, so no
    real tshark binary is executed here; verify against the decorator or fixture.
    """
    banner = (
        b'TShark 1.12.1 (Git Rev Unknown from unknown)\n\n'
        b'Copyright 1998-2014 Gerald Combs and contributors.\n'
    )
    mock_check_output.return_value = banner
    # Only the bare version is expected back, as text rather than bytes.
    assert get_tshark_version() == '1.12.1'
def inmem_capture():
    """Return a new ``pyshark.InMemCapture`` built with default arguments."""
    capture = pyshark.InMemCapture()
    return capture
def test_get_tshark_path(mock_exists):
    """An explicitly supplied tshark path is returned unchanged when it is reported to exist.

    ``mock_exists`` is presumably the patched existence check; verify against
    the decorator or fixture that supplies it.
    """
    mock_exists.return_value = True
    tshark_location = "/some/path/tshark"
    # The caller-supplied location must come back as given, not be replaced by
    # some other binary found elsewhere.
    assert get_process_path(tshark_location) == tshark_location
def test_get_tshark_interfaces(mock_check_output):
    """The interface listing is reduced to the leading index of each line, as strings."""
    listing = b'1. wlan0\n2. any\n3. lo (Loopback)\n4. eth0\n5. docker0\n'
    mock_check_output.return_value = listing
    # Names and the "(Loopback)" annotation are dropped; only the indices remain.
    assert get_tshark_interfaces() == ['1', '2', '3', '4', '5']
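# Command-line handling for the capture script: register the interface and
# ring-buffer options, then start exactly one of three modes (live ring capture,
# plain live capture, or offline pcap analysis). With no usable option the help
# text is printed and the script exits.
parser.add_argument("-i", "--interface", help="chose interface", action="store", dest='interface')
parser.add_argument("-r", "--ring", help="activate ring buffer", action="store_true",
                    default=False)
args = parser.parse_args()

# --ring only selects the capture mode; it still needs an interface to listen on.
# Reject "-r" without "-i" here with a usage error instead of failing later on
# string concatenation with None.
if args.ring and not args.interface:
    parser.error("-r/--ring requires -i/--interface")

# NOTE(review): both live modes need packet-capture rights on the host. Prefer
# granting them to the capture helper only, rather than running this whole
# script as root; confirm how the deployment handles this.

# live ring capture
if args.ring:
    logger.info("Starting Live Ring Capture on %s", args.interface)
    # Ring files land under ./db/pcap relative to the current working directory.
    # They hold captured traffic, so that directory should not be readable by
    # other users, and the path should not depend on where the script is started.
    cap = pyshark.LiveRingCapture(interface=args.interface, only_summaries=True, ring_file_size=4096,
                                  num_ring_files=50, ring_file_name='./db/pcap/pci.pcapng')
    packet_analysis_live(cap)
# live capture
elif args.interface:
    logger.info("Starting Live Capture on %s", args.interface)
    cap = pyshark.LiveCapture(interface=args.interface, only_summaries=True)
    packet_analysis_live(cap)
# pcap
# args.filepath is expected to come from an option registered before this excerpt.
elif args.filepath:
    logger.info("Starting pcap analysis on %s", args.filepath)
    cap = pyshark.FileCapture(input_file=args.filepath, only_summaries=True)
    packet_analysis(cap)
else:
    parser.print_help()
    sys.exit()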
# Capture setup: build the network set, choose a capture filter from the port
# options, record the start time, then run a live capture that hands every
# packet to pkt_callback.
global ssnets, start
ssnets = IPSet(snets)

# Filter choice: a UDP port range wins over a TCP one; with neither, all IP traffic.
# NOTE(review): the port-range text goes into the capture filter exactly as typed
# on the command line. Checking that it looks like "N" or "N-M" before use would
# keep a stray expression from silently widening what gets captured.
if args.udpport is None and args.tcpport is None:
    cfilter = 'ip'
elif args.udpport is not None:
    cfilter = 'udp portrange ' + args.udpport
else:
    cfilter = 'tcp portrange ' + args.tcpport

cint = args.interface
start = utils.current_time()
print('Filter: %s on %s' % (cfilter, cint))

try:
    capture = pyshark.LiveCapture(interface=cint, bpf_filter=cfilter)
    capture.apply_on_packets(pkt_callback)
    # Reached only if the capture returns on its own.
    # NOTE(review): on Ctrl-C the handler below exits first, so these two
    # summaries are skipped and the capture is not explicitly closed; confirm
    # that this is intended.
    print(inter_interval_down)
    print(inter_interval_up)
except KeyboardInterrupt:
    sys.exit(0)