How to use Python with wireshark

This tutorial explains how you can use Python with Wireshark to automate packet capturing. The code builds an IP monitor tool in Python using tshark, the command-line version of Wireshark. The code and its explanation are provided below.

The code line numbers and the explanation for each line are provided below.

1. Imports the OS module.

2. Runs tshark on the eth0 interface (sudo tshark -i eth0) with a read filter applied so that only IP packets with the given destination address in the header are captured (ip.dst='='), retrieves the source IP address of each packet (-T fields -e ip.src), captures for 30 seconds (-a duration:30), and writes the source IP address values to the output.txt file (output.txt).

3. Runs the command using the appropriate function of the os module.

4. Opens the output.txt file, to which the IP addresses were written.

5. Initializes a count variable to 0.

6. Starts a for loop that reads the lines in the file.

7. Strips each line.

8. Increments the count variable by 1 for every line stripped.

9. Prints the count variable, which is the number of IP addresses that sent packets to the Ubuntu system.

10. Prints a message telling the user to view the output.txt file.
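The ten steps above as a working script, added here as an example and not the tutorial's own code. The interface name, the host address 192.0.2.10 and the output file name are assumptions; it also goes a little beyond the tutorial by passing tshark an argument list instead of a shell string and by reporting how many packets each source address sent.

```python
"""IP monitor built on tshark (added example; interface, address and file name are assumptions)."""
import subprocess
from collections import Counter
from typing import Iterable, List, Tuple

INTERFACE = "eth0"        # assumption: the capture interface used in the tutorial
LOCAL_IP = "192.0.2.10"   # constructed placeholder for the Ubuntu system's own address
DURATION = 30             # seconds, as in the tutorial
OUTPUT_FILE = "output.txt"


def build_tshark_command(interface: str, dst_ip: str, duration: int) -> List[str]:
    """Step 2 as an argument list: capture on `interface`, keep only packets whose
    destination is `dst_ip`, print ip.src for each, stop after `duration` seconds.
    -Y is the display filter; the older read-filter flag -R needs -2 on current tshark."""
    return [
        "tshark", "-i", interface,
        "-Y", f"ip.dst=={dst_ip}",
        "-T", "fields", "-e", "ip.src",
        "-a", f"duration:{duration}",
    ]


def capture_sources(interface: str, dst_ip: str, duration: int, outfile: str) -> None:
    """Step 3: run tshark (needs capture privileges) and write one source IP per line."""
    with open(outfile, "w") as fh:
        subprocess.run(build_tshark_command(interface, dst_ip, duration), stdout=fh, check=True)


def summarize_sources(lines: Iterable[str]) -> Tuple[int, Counter]:
    """Steps 4-8: strip each line, skip blank ones, count lines (packets) and packets per source."""
    per_source: Counter = Counter()
    total = 0
    for line in lines:
        src = line.strip()
        if not src:          # tshark can emit an empty field; do not count it as an address
            continue
        total += 1
        per_source[src] += 1
    return total, per_source


def report(outfile: str) -> int:
    """Steps 9-10: print the count, a per-source breakdown, and where the raw list lives."""
    with open(outfile) as fh:
        total, per_source = summarize_sources(fh)
    print(f"{total} packets were sent to {LOCAL_IP} by {len(per_source)} source address(es)")
    for src, n in per_source.most_common():
        print(f"  {src:15} {n}")
    print(f"Open {outfile} to view the list of source addresses")
    return total


if __name__ == "__main__":
    capture_sources(INTERFACE, LOCAL_IP, DURATION, OUTPUT_FILE)
    report(OUTPUT_FILE)
```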

The tool is executed from the Ubuntu command line with sudo python. A screenshot of the output is shown below.

Output file output.txt (opened using vi output.txt; screenshot below)

Check out our ebook Wireshark Tutorials for Network Administrators on Amazon.

Check out our network automation course with Python and Scapy on Udemy.