1
1
"""Module used for the actual running of TShark"""
2
+
2
3
import json
3
4
4
5
from packaging import version
@@ -43,8 +44,10 @@ def get_process_path(tshark_path=None, process_name="tshark"):
43
44
44
45
# Add the user provided path to the search list
45
46
if tshark_path is not None :
46
- user_tshark_path = os .path .join (os .path .dirname (tshark_path ),
47
- f"{ process_name } .exe" if sys .platform .startswith ("win" ) else process_name )
47
+ user_tshark_path = os .path .join (
48
+ os .path .dirname (tshark_path ),
49
+ f"{ process_name } .exe" if sys .platform .startswith ("win" ) else process_name ,
50
+ )
48
51
possible_paths .insert (0 , user_tshark_path )
49
52
50
53
# Windows search order: configuration file"s path, common paths.
@@ -57,14 +60,13 @@ def get_process_path(tshark_path=None, process_name="tshark"):
57
60
)
58
61
# Linux, etc. search order: configuration file's path, the system's path
59
62
else :
60
- os_path = os .getenv (
61
- "PATH" ,
62
- "/usr/bin:/usr/sbin:/usr/lib/tshark:/usr/local/bin"
63
- )
63
+ os_path = os .getenv ("PATH" , "/usr/bin:/usr/sbin:/usr/lib/tshark:/usr/local/bin" )
64
64
for path in os_path .split (":" ):
65
65
possible_paths .append (os .path .join (path , process_name ))
66
66
if sys .platform .startswith ("darwin" ):
67
- possible_paths .append (f"/Applications/Wireshark.app/Contents/MacOS/{ process_name } " )
67
+ possible_paths .append (
68
+ f"/Applications/Wireshark.app/Contents/MacOS/{ process_name } "
69
+ )
68
70
69
71
for path in possible_paths :
70
72
if os .path .exists (path ):
@@ -80,14 +82,18 @@ def get_process_path(tshark_path=None, process_name="tshark"):
80
82
def get_tshark_version (tshark_path = None ):
81
83
parameters = [get_process_path (tshark_path ), "-v" ]
82
84
with open (os .devnull , "w" ) as null :
83
- version_output = subprocess .check_output (parameters , stderr = null ).decode ("ascii" )
85
+ version_output = subprocess .check_output (parameters , stderr = null ).decode (
86
+ "ascii"
87
+ )
84
88
85
- version_line = version_output . splitlines ()[ 0 ]
86
- pattern = r'.*\s (\d+\.\d+\.\d+).*' # match " #.#.#" version pattern
87
- m = re .match (pattern , version_line )
89
+ # Search all lines for the line that includes 'TShark' and Version String
90
+ pattern = ".*TShark.* (\d+\.\d+\.\d+).*" # Match version like 4.4.6
91
+ m = re .search (pattern , version_output )
88
92
if not m :
89
- raise TSharkVersionException ("Unable to parse TShark version from: {}" .format (version_line ))
90
- version_string = m .groups ()[0 ] # Use first match found
93
+ raise TSharkVersionException (
94
+ "Unable to parse TShark version from: {}" .format (version_output )
95
+ )
96
+ version_string = m .groups (1 ) # Use first version match
91
97
92
98
return version .parse (version_string )
93
99
@@ -115,16 +121,24 @@ def get_tshark_interfaces(tshark_path=None):
115
121
"""
116
122
parameters = [get_process_path (tshark_path ), "-D" ]
117
123
with open (os .devnull , "w" ) as null :
118
- tshark_interfaces = subprocess .check_output (parameters , stderr = null ).decode ("utf-8" )
124
+ tshark_interfaces = subprocess .check_output (parameters , stderr = null ).decode (
125
+ "utf-8"
126
+ )
119
127
120
- return [line .split (" " )[1 ] for line in tshark_interfaces .splitlines () if '\\ \\ .\\ ' not in line ]
128
+ return [
129
+ line .split (" " )[1 ]
130
+ for line in tshark_interfaces .splitlines ()
131
+ if "\\ \\ .\\ " not in line
132
+ ]
121
133
122
134
123
135
def get_all_tshark_interfaces_names (tshark_path = None ):
124
136
"""Returns a list of all possible interface names. Some interfaces may have aliases"""
125
137
parameters = [get_process_path (tshark_path ), "-D" ]
126
138
with open (os .devnull , "w" ) as null :
127
- tshark_interfaces = subprocess .check_output (parameters , stderr = null ).decode ("utf-8" )
139
+ tshark_interfaces = subprocess .check_output (parameters , stderr = null ).decode (
140
+ "utf-8"
141
+ )
128
142
129
143
all_interface_names = []
130
144
for line in tshark_interfaces .splitlines ():
@@ -139,9 +153,7 @@ def get_ek_field_mapping(tshark_path=None):
139
153
with open (os .devnull , "w" ) as null :
140
154
mapping = subprocess .check_output (parameters , stderr = null ).decode ("ascii" )
141
155
142
- mapping = json .loads (
143
- mapping ,
144
- object_pairs_hook = _duplicate_object_hook )["mappings" ]
156
+ mapping = json .loads (mapping , object_pairs_hook = _duplicate_object_hook )["mappings" ]
145
157
# If using wireshark 4, the key "mapping" contains what we want,
146
158
if "dynamic" in mapping and "properties" in mapping :
147
159
pass
@@ -152,7 +164,9 @@ def get_ek_field_mapping(tshark_path=None):
152
164
elif "pcap_file" in mapping :
153
165
mapping = mapping ["pcap_file" ]
154
166
else :
155
- raise TSharkVersionException (f"Your tshark version does not support elastic-mapping. Please upgrade." )
167
+ raise TSharkVersionException (
168
+ f"Your tshark version does not support elastic-mapping. Please upgrade."
169
+ )
156
170
157
171
return mapping ["properties" ]["layers" ]["properties" ]
158
172
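Review bot: In the `get_tshark_version` hunk, `version_string = m.groups(1)` returns the tuple of all capture groups (`('4.4.6',)`), not the first group, so `version.parse(version_string)` on the next line is handed a tuple; packaging's `Version` runs a regex against its argument and will raise `TypeError` rather than the `TSharkVersionException` callers are written to catch. The intended call is `version_string = m.group(1)`, which is what the removed `m.groups()[0]` did. The new pattern also dropped the raw-string prefix the old one had, so `"\d"` in `".*TShark.* (\d+\.\d+\.\d+).*"` is an invalid escape that Python 3.12+ reports as a `SyntaxWarning`; write it as `pattern = r".*TShark.* (\d+\.\d+\.\d+).*"`. Since this value gates version-dependent argument handling elsewhere, a unit test feeding a captured `tshark -v` banner through the parser would have caught both.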