
Function tcpdump

scapy/utils.py:2977–3245

Run tcpdump or tshark on a list of packets.

When using ``tcpdump`` on OSX (``prog == conf.prog.tcpdump``), this uses a temporary file to store the packets. This works around a bug in Apple's version of ``tcpdump``: http://apple.stackexchange.com/questions/152682/

Otherwise, the packets are passed in stdin.

(
    pktlist=None,  # type: Union[IO[bytes], None, str, _PacketIterable]
    dump=False,  # type: bool
    getfd=False,  # type: bool
    args=None,  # type: Optional[List[str]]
    flt=None,  # type: Optional[str]
    prog=None,  # type: Optional[Any]
    getproc=False,  # type: bool
    quiet=False,  # type: bool
    use_tempfile=None,  # type: Optional[Any]
    read_stdin_opts=None,  # type: Optional[Any]
    linktype=None,  # type: Optional[Any]
    wait=True,  # type: bool
    _suppress=False  # type: bool
)

Source from the content-addressed store, hash-verified

@conf.commands.register
def tcpdump(
    pktlist=None,  # type: Union[IO[bytes], None, str, _PacketIterable]
    dump=False,  # type: bool
    getfd=False,  # type: bool
    args=None,  # type: Optional[List[str]]
    flt=None,  # type: Optional[str]
    prog=None,  # type: Optional[Any]
    getproc=False,  # type: bool
    quiet=False,  # type: bool
    use_tempfile=None,  # type: Optional[Any]
    read_stdin_opts=None,  # type: Optional[Any]
    linktype=None,  # type: Optional[Any]
    wait=True,  # type: bool
    _suppress=False  # type: bool
):
    # type: (...) -> Any
    """Run tcpdump or tshark on a list of packets.

    When using ``tcpdump`` on OSX (``prog == conf.prog.tcpdump``), this uses a
    temporary file to store the packets. This works around a bug in Apple's
    version of ``tcpdump``: http://apple.stackexchange.com/questions/152682/

    Otherwise, the packets are passed in stdin.

    This function can be explicitly enabled or disabled with the
    ``use_tempfile`` parameter.

    When using ``wireshark``, it will be called with ``-ki -`` to start
    immediately capturing packets from stdin.

    Otherwise, the command will be run with ``-r -`` (which is correct for
    ``tcpdump`` and ``tshark``).

    This can be overridden with ``read_stdin_opts``. This has no effect when
    ``use_tempfile=True``, or otherwise reading packets from a regular file.

    :param pktlist: a Packet instance, a PacketList instance or a list of
        Packet instances. Can also be a filename (as a string), an open
        file-like object that must be a file format readable by
        tshark (Pcap, PcapNg, etc.) or None (to sniff)
    :param flt: a filter to use with tcpdump
    :param dump: when set to True, returns a string instead of displaying it.
    :param getfd: when set to True, returns a file-like object to read data
        from tcpdump or tshark from.
    :param getproc: when set to True, the subprocess.Popen object is returned
    :param args: arguments (as a list) to pass to tshark (example for tshark:
        args=["-T", "json"]).
    :param prog: program to use (defaults to tcpdump, will work with tshark)
    :param quiet: when set to True, the process stderr is discarded
    :param use_tempfile: When set to True, always use a temporary file to store
        packets.
        When set to False, pipe packets through stdin.
        When set to None (default), only use a temporary file with
        ``tcpdump`` on OSX.
    :param read_stdin_opts: When set, a list of arguments needed to capture
        from stdin. Otherwise, attempts to guess.
    :param linktype: A custom DLT value or name, to overwrite the default
        values.

Callers 4

__init__ · Method · 0.90
_run · Method · 0.90
wireshark · Function · 0.85
tdecode · Function · 0.85

Calls 14

Scapy_Exception · Class · 0.90
compile_filter · Function · 0.90
_guess_linktype_name · Function · 0.85
_guess_linktype_value · Function · 0.85
PcapReader · Class · 0.85
get_temp_file · Function · 0.85
wrpcap · Function · 0.85
join · Method · 0.80
_read_packet · Method · 0.45
append · Method · 0.45
read · Method · 0.45

Tested by

no test coverage detected