Merge pull request #134 from yozik04/master

Added capture filter.
KimiNewt · Jun 2, 2016 · 336013e · 336013e
2 parents bc147f2 + 4238023
commit 336013e
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/src/README.txt b/src/README.txt
@@ -57,6 +57,16 @@ Reading from a live interface:
     for packet in capture.sniff_continuously(packet_count=5):
         print 'Just arrived:', packet
 
+Infinite reading from a live interface with capture filter:
+------------------------------
+
+::
+
+    def packet_captured(packet):
+      print 'Just arrived:', packet
+
+    capture = pyshark.LiveCapture(interface='eth0', capture_filter='tcp')
+    capture.apply_on_packets(packet_captured)
 
 Accessing packet data:
 ----------------------

diff --git a/src/pyshark/capture/capture.py b/src/pyshark/capture/capture.py
@@ -38,10 +38,11 @@ class Capture(object):
 
     def __init__(self, display_filter=None, only_summaries=False, eventloop=None,
                  decryption_key=None, encryption_type='wpa-pwd', output_file=None,
-                 decode_as=None, tshark_path=None, override_prefs=None):
+                 decode_as=None, tshark_path=None, override_prefs=None, capture_filter=None):
         self._packets = []
         self.current_packet = 0
         self.display_filter = display_filter
+        self.capture_filter = capture_filter
         self.only_summaries = only_summaries
         self.output_file = output_file
         self.running_processes = set()
@@ -356,6 +357,8 @@ def get_parameters(self, packet_count=None):
         Returns the special tshark parameters to be used according to the configuration of this class.
         """
         params = []
+        if self.capture_filter:
+            params += ['-f', self.capture_filter]
         if self.display_filter:
             params += [get_tshark_display_filter_flag(self.tshark_path), self.display_filter]
         if packet_count:

diff --git a/src/pyshark/capture/live_capture.py b/src/pyshark/capture/live_capture.py
@@ -8,7 +8,7 @@ class LiveCapture(Capture):
     """
 
     def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_summaries=False, decryption_key=None,
-                 encryption_type='wpa-pwk', output_file=None, decode_as=None, tshark_path=None, override_prefs=None):
+                 encryption_type='wpa-pwk', output_file=None, decode_as=None, tshark_path=None, override_prefs=None, capture_filter=None):
         """
         Creates a new live capturer on a given interface. Does not start the actual capture itself.
 
@@ -25,11 +25,12 @@ def __init__(self, interface=None, bpf_filter=None, display_filter=None, only_su
         it attempt to decode any port 8888 traffic as HTTP. See tshark documentation for details.
         :param tshark_path: Path of the tshark binary
         :param override_prefs: A dictionary of tshark preferences to override, {PREFERENCE_NAME: PREFERENCE_VALUE, ...}.
+        :param capture_filter: Capture (wireshark) filter to use.
         """
         super(LiveCapture, self).__init__(display_filter=display_filter, only_summaries=only_summaries,
                                           decryption_key=decryption_key, encryption_type=encryption_type,
                                           output_file=output_file, decode_as=decode_as, tshark_path=tshark_path,
-                                          override_prefs=override_prefs)
+                                          override_prefs=override_prefs, capture_filter=capture_filter)
         self.bpf_filter = bpf_filter
 
         if interface is None: