nflog, "nflog:<group_num>" not supported as interface name #710

Open
anvilvapre opened this issue Sep 22, 2024 · 1 comment

anvilvapre commented Sep 22, 2024

nflog requires you to specify the nflog group - an index - you want to capture. In tshark, dumpcap and tcpdump this works as expected. pyshark does not seem to support this.

cap = pyshark.LiveCapture('nflog', bpf_filter='ip and tcp') executes but does not result in packets.

cap = pyshark.LiveCapture('nflog:1', bpf_filter='ip and tcp') does in tcpdump and tshark result in packets, but in pyshark results in the error message below:

sudo python3  cap.py
2024-09-22 16:53:15,055 - LiveCapture - DEBUG - Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -i nflog:1 -w -
2024-09-22 16:53:15,056 - LiveCapture - DEBUG - Dumpcap subprocess (pid 12513) created
Traceback (most recent call last):

....
 File "/usr/local/lib/python3.10/dist-packages/pyshark/capture/live_capture.py", line 82, in _verify_capture_parameters
    raise UnknownInterfaceException(
pyshark.capture.live_capture.UnknownInterfaceException: Interface 'nflog:1' does not exist, unable to initiate capture. Perhaps permissions are missing?
Possible interfaces:
...
nflog
....

See also https://wiki.wireshark.org/CaptureSetup/NFLOG.

It does however start a dumpcap process and leaves it running even after exit.

@anvilvapre anvilvapre added the bug label Sep 22, 2024
@anvilvapre

def _verify_capture_parameters(self):
    all_interfaces_names = tshark.get_all_tshark_interfaces_names(self.tshark_path)
    all_interfaces_lowercase = [interface.lower() for interface in all_interfaces_names]
    for each_interface in self.interfaces:
        if each_interface.startswith("rpcap://"):
            continue
        if each_interface.isnumeric():
            continue
        if each_interface.lower() not in all_interfaces_lowercase:
            raise UnknownInterfaceException(
                f"Interface '{each_interface}' does not exist, unable to initiate capture. "
                f"Perhaps permissions are missing?\n"
                f"Possible interfaces: {os.linesep.join(all_interfaces_names)}")
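
One way the check quoted above could accept the "nflog:<group_num>" form, shown as an added example that is not pyshark's code or an accepted fix. The names `base_interface`, `verify_interfaces` and `UnknownInterfaceError` are hypothetical, the interface list is constructed, and the 16-bit group range is an assumption.

```python
import re

# Matches the "nflog:<group_num>" form from the issue title (one decimal group).
_NFLOG_RE = re.compile(r"^nflog:([0-9]+)$", re.IGNORECASE)
MAX_NFLOG_GROUP = 65535  # assumption: netfilter log group ids are 16-bit


class UnknownInterfaceError(ValueError):
    """Hypothetical stand-in for pyshark's UnknownInterfaceException."""


def base_interface(name):
    """Return the name to look up in the interface list.

    'nflog:1' -> 'nflog'; any other name is returned lowercased.
    """
    m = _NFLOG_RE.match(name)
    if m is None:
        return name.lower()
    if int(m.group(1)) > MAX_NFLOG_GROUP:
        raise UnknownInterfaceError(f"nflog group out of range in '{name}'")
    return "nflog"


def verify_interfaces(requested, available):
    """Same checks as the quoted method, plus the nflog group suffix.

    Returns the validated names, or raises; intended to be called before
    any capture subprocess is created so a rejected name leaves nothing running.
    """
    known = {n.lower() for n in available}
    for name in requested:
        if name.startswith("rpcap://") or name.isnumeric():
            continue
        if base_interface(name) not in known:
            raise UnknownInterfaceError(
                f"Interface '{name}' does not exist. Possible interfaces: "
                + ", ".join(available))
    return list(requested)


# Constructed interface list, shaped like the "Possible interfaces" output above.
SAMPLE_INTERFACES = ["eth0", "lo", "any", "nflog", "nfqueue"]
```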
