Introduction
Pyshark is Wireshark’s Python-wrapper. Capturing and parsing those packets is a python module to perform. You can catch live packets in Pyshark and export them to PCAP or CSV files, and you can also open PCAP or CSV files to read and decode Pyshark packets. Let’s take a look at how to mount the Pyshark, how to catch and save the live packets and finally how to read those packets.
The Pyshark is used to analyze the traffic. This helps you obtain information such as IP address, MAC address, ports, protocols and other information of this nature.
Pre-required — Basic information about Wireshark and Python version 3 and Wireshark must be installed in your system.
To install Pyshark execute the following command in cmd
“pip install pyshark” or “pip3 install pyshark”
Now let’s try capturing the live packets
import pyshark
try:
capture = pyshark.LiveCapture(interface="wlan0", output_file="pyshark.pcap")
capture.sniff()
except KeyboardInterrupt:
print(capture)Now we will finally try opening and reading a pcap file.
import pyshark
capture = pyshark.FileCapture("pyshark.pcap")
print(capture[0])
for i in capture:
print(i)Sample output
Summary
This article outlined the introduction to the Pyshark and basic of the Pyshark in a short, relevant and focused manner. I genuinely hope it has helped someone get a better understanding of Pyshark.
