Run tcpdump or tshark on a list of packets. When using ``tcpdump`` on OSX (``prog == conf.prog.tcpdump``), this uses a temporary file to store the packets. This works around a bug in Apple's version of ``tcpdump``: http://apple.stackexchange.com/questions/152682/ Otherwise, the pac
```python
@conf.commands.register
def tcpdump(
    pktlist=None,  # type: Union[IO[bytes], None, str, _PacketIterable]
    dump=False,  # type: bool
    getfd=False,  # type: bool
    args=None,  # type: Optional[List[str]]
    flt=None,  # type: Optional[str]
    prog=None,  # type: Optional[Any]
    getproc=False,  # type: bool
    quiet=False,  # type: bool
    use_tempfile=None,  # type: Optional[Any]
    read_stdin_opts=None,  # type: Optional[Any]
    linktype=None,  # type: Optional[Any]
    wait=True,  # type: bool
    _suppress=False  # type: bool
):
    # type: (...) -> Any
    """Run tcpdump or tshark on a list of packets.

    When using ``tcpdump`` on OSX (``prog == conf.prog.tcpdump``), this uses a
    temporary file to store the packets. This works around a bug in Apple's
    version of ``tcpdump``: http://apple.stackexchange.com/questions/152682/

    Otherwise, the packets are passed in stdin.

    This function can be explicitly enabled or disabled with the
    ``use_tempfile`` parameter.

    When using ``wireshark``, it will be called with ``-ki -`` to start
    immediately capturing packets from stdin.

    Otherwise, the command will be run with ``-r -`` (which is correct for
    ``tcpdump`` and ``tshark``).

    This can be overridden with ``read_stdin_opts``. This has no effect when
    ``use_tempfile=True``, or otherwise reading packets from a regular file.

    :param pktlist: a Packet instance, a PacketList instance or a list of
        Packet instances. Can also be a filename (as a string), an open
        file-like object that must be a file format readable by
        tshark (Pcap, PcapNg, etc.) or None (to sniff)
    :param flt: a filter to use with tcpdump
    :param dump: when set to True, returns a string instead of displaying it.
    :param getfd: when set to True, returns a file-like object to read data
        from tcpdump or tshark from.
    :param getproc: when set to True, the subprocess.Popen object is returned
    :param args: arguments (as a list) to pass to tshark (example for tshark:
        args=["-T", "json"]).
    :param prog: program to use (defaults to tcpdump, will work with tshark)
    :param quiet: when set to True, the process stderr is discarded
    :param use_tempfile: When set to True, always use a temporary file to store
        packets.
        When set to False, pipe packets through stdin.
        When set to None (default), only use a temporary file with
        ``tcpdump`` on OSX.
    :param read_stdin_opts: When set, a list of arguments needed to capture
        from stdin. Otherwise, attempts to guess.
    :param linktype: A custom DLT value or name, to overwrite the default
        values.
```
no test coverage detected