nflog, "nflog:<group_num>" not supported as interface name

[anvilvapre]

nflog requires you to specify the nglog group - an index - you want to capture. in tshart, dumppcap and tcpdump this works as expected. pyshark does not seem to support this.

cap = pyshark.LiveCapture('nflog', bpf_filter='ip and tcp') executes but does not result in packets

cap = pyshark.LiveCapture('nflog:1', bpf_filter='ip and tcp') does in tcpdump and tshark results in packets but in pyshark resuls in below error message:

sudo python3  cap.py
2024-09-22 16:53:15,055 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -i nflog:1 -w -
2024-09-22 16:53:15,056 - LiveCapture - DEBUG - Dumpcap subprocess (pid 12513) created
Traceback (most recent call last):

....
 File "/usr/local/lib/python3.10/dist-packages/pyshark/capture/live_capture.py", line 82, in _verify_capture_parameters
    raise UnknownInterfaceException(
pyshark.capture.live_capture.UnknownInterfaceException: Interface 'nflog:1' does not exist, unable to initiate capture. Perhaps permissions are missing?
Possible interfaces:
...
nflog
....

See also https://wiki.wireshark.org/CaptureSetup/NFLOG.

It does however start a dumppcap process and leaves it running even after exit.

[anvilvapre]

pyshark/src/pyshark/capture/live_capture.py

Lines 73 to 86 in c89fc6e

	def _verify_capture_parameters(self):
	all_interfaces_names = tshark.get_all_tshark_interfaces_names(self.tshark_path)
	all_interfaces_lowercase = [interface.lower() for interface in all_interfaces_names]
	for each_interface in self.interfaces:
	if each_interface.startswith("rpcap://"):
	continue
	if each_interface.isnumeric():
	continue
	if each_interface.lower() not in all_interfaces_lowercase:
	raise UnknownInterfaceException(
	f"Interface '{each_interface}' does not exist, unable to initiate capture. "
	f"Perhaps permissions are missing?\n"
	f"Possible interfaces: {os.linesep.join(all_interfaces_names)}")