Environment:
macOS Big Sur
Python 3.8.2
>>> pip3 install pyshark
Defaulting to user installation because normal site-packages is not writeable
Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Collecting pyshark
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/d2/ed/acd141e42a4651e1a327eabba50c8faa8b2abb6b147da4258e97ef829a6f/pyshark-0.4.2.11-py3-none-any.whl (30 kB)
Collecting py
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/68/0f/41a43535b52a81e4f29e420a151032d26f08b62206840c48d14b70e53376/py-1.9.0-py2.py3-none-any.whl (99 kB)
|████████████████████████████████| 99 kB 1.6 MB/s
Collecting lxml
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/c5/2f/a0d8aa3eee6d53d5723d89e1fc32eee11e76801b424e30b55c7aa6302b01/lxml-4.6.1.tar.gz (3.2 MB)
|████████████████████████████████| 3.2 MB 16.2 MB/s
Building wheels for collected packages: lxml
Building wheel for lxml (setup.py) ... done
Created wheel for lxml: filename=lxml-4.6.1-cp38-cp38-macosx_10_14_6_x86_64.whl size=2942000 sha256=9f9f8686aff125410784b2fbe5876d01f5d94511273ec95c03dcb54518dc4c58
Stored in directory: /Users/microfat/Library/Caches/pip/wheels/26/df/20/7022b751ad158cf81b26178b60d0d0353d9f9cf99bde628631
Successfully built lxml
Installing collected packages: py, lxml, pyshark
Successfully installed lxml-4.6.1 py-1.9.0 pyshark-0.4.2.11
>>> import pyshark
>>> cap = pyshark.FileCapture('/Users/microfat/Downloads/new/xxxx.pcap')
>>> cap[0]
---------------------------------------------------------------------------
TSharkNotFoundException Traceback (most recent call last)
<ipython-input-4-064630a2769f> in <module>
----> 1 cap[0]
~/Library/Python/3.8/lib/python/site-packages/pyshark/capture/file_capture.py in __getitem__(self, packet_index)
69 while packet_index >= len(self._packets):
70 try:
---> 71 self.next()
72 except StopIteration:
73 # We read the whole file, and there's still not such packet.
~/Library/Python/3.8/lib/python/site-packages/pyshark/capture/file_capture.py in next(self)
59 return self._packet_generator.send(None)
60 elif self._current_packet >= len(self._packets):
---> 61 packet = self._packet_generator.send(None)
62 self._packets += [packet]
63 return super(FileCapture, self).next_packet()
~/Library/Python/3.8/lib/python/site-packages/pyshark/capture/capture.py in _packets_from_tshark_sync(self, packet_count, existing_process)
224 """
225 # NOTE: This has code duplication with the async version, think about how to solve this
--> 226 tshark_process = existing_process or self.eventloop.run_until_complete(self._get_tshark_process())
227 psml_structure, data = self.eventloop.run_until_complete(self._get_psml_struct(tshark_process.stdout))
228 packets_captured = 0
/usr/local/Cellar/python@3.8/3.8.6_1/Frameworks/Python.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py in run_until_complete(self, future)
614 raise RuntimeError('Event loop stopped before Future completed.')
615
--> 616 return future.result()
617
618 def stop(self):
~/Library/Python/3.8/lib/python/site-packages/pyshark/capture/capture.py in _get_tshark_process(self, packet_count, stdin)
385 else:
386 output_type = "psml" if self._only_summaries else "pdml"
--> 387 parameters = [self._get_tshark_path(), "-l", "-n", "-T", output_type] + \
388 self.get_parameters(packet_count=packet_count) + output_parameters
389
~/Library/Python/3.8/lib/python/site-packages/pyshark/capture/capture.py in _get_tshark_path(self)
362
363 def _get_tshark_path(self):
--> 364 return get_process_path(self.tshark_path)
365
366 def _stderr_output(self):
~/Library/Python/3.8/lib/python/site-packages/pyshark/tshark/tshark.py in get_process_path(tshark_path, process_name)
56 path = path.replace("\\", "/")
57 return path
---> 58 raise TSharkNotFoundException(
59 "TShark not found. Try adding its location to the configuration file. "
60 "Searched these paths: {}".format(possible_paths)
TSharkNotFoundException: TShark not found. Try adding its location to the configuration file. Searched these paths: ['C:\\Program Files\\Wireshark\\tshark.exe', '/Users/microfat/Library/Python/3.8/bin/tshark', '/usr/local/bin/tshark', '/usr/bin/tshark', '/bin/tshark', '/usr/sbin/tshark', '/sbin/tshark', '/usr/local/go/bin/tshark']
The error says that tshark cannot be found.
>>> brew cask install wireshark
==> Downloading https://2.na.dl.wireshark.org/osx/Wireshark%203.4.0%20Intel%2064.dmg
######################################################################## 100.0%
==> Verifying SHA-256 checksum for Cask 'wireshark'.
==> Installing Cask wireshark
==> Running installer for wireshark; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
Password:
installer: Package name is Add Wireshark to the system PATH
installer: Installing at base path /
installer: The install was successful.
==> Running installer for wireshark; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
installer: Package name is ChmodBPF
installer: Installing at base path /
installer: The install was successful.
==> Purging files for version 3.4.0 of Cask wireshark
Error: It seems there is already an App at '/Applications/Wireshark.app'.
After removing the Wireshark that was originally installed from the dmg file, install it again with brew:
>>> brew cask install wireshark
==> Downloading https://2.na.dl.wireshark.org/osx/Wireshark%203.4.0%20Intel%2064.dmg
Already downloaded: /Users/microfat/Library/Caches/Homebrew/downloads/c3260c2994713030315f29798ee15b2a037ae5e4f2895ad9dbbe62d4f9319d57--Wireshark 3.4.0 Intel 64.dmg
==> Verifying SHA-256 checksum for Cask 'wireshark'.
==> Installing Cask wireshark
==> Running installer for wireshark; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
Password:
installer: Package name is Add Wireshark to the system PATH
installer: Upgrading at base path /
installer: The upgrade was successful.
==> Running installer for wireshark; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are ignored.
installer: Package name is ChmodBPF
installer: Upgrading at base path /
installer: The upgrade was successful.
==> Moving App 'Wireshark.app' to '/Applications/Wireshark.app'.
==> Linking Binary 'editcap' to '/usr/local/bin/editcap'.
==> Linking Binary 'idl2wrs' to '/usr/local/bin/idl2wrs'.
==> Linking Binary 'mergecap' to '/usr/local/bin/mergecap'.
==> Linking Binary 'mmdbresolve' to '/usr/local/bin/mmdbresolve'.
==> Linking Binary 'randpkt' to '/usr/local/bin/randpkt'.
==> Linking Binary 'reordercap' to '/usr/local/bin/reordercap'.
==> Linking Binary 'sharkd' to '/usr/local/bin/sharkd'.
==> Linking Binary 'text2pcap' to '/usr/local/bin/text2pcap'.
==> Linking Binary 'tshark' to '/usr/local/bin/tshark'.
==> Linking Binary 'androiddump' to '/usr/local/bin/androiddump'.
==> Linking Binary 'ciscodump' to '/usr/local/bin/ciscodump'.
==> Linking Binary 'randpktdump' to '/usr/local/bin/randpktdump'.
==> Linking Binary 'sshdump' to '/usr/local/bin/sshdump'.
==> Linking Binary 'udpdump' to '/usr/local/bin/udpdump'.
==> Linking Binary 'rawshark' to '/usr/local/bin/rawshark'.
==> Linking Binary 'capinfos' to '/usr/local/bin/capinfos'.
==> Linking Binary 'captype' to '/usr/local/bin/captype'.
==> Linking Binary 'dftest' to '/usr/local/bin/dftest'.
==> Linking Binary 'dumpcap' to '/usr/local/bin/dumpcap'.
🍺 wireshark was successfully installed!
Reference: https://stackoverflow.com/questions/26242156/install-wireshark-on-macos-x-via-brew
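A preflight check for the failure above, as an added example that is not part of the original notes or of pyshark: it looks for tshark the way the error message describes (an explicit path, each PATH directory, then well-known locations) and only accepts a regular, executable file that is not world-writable, since pyshark will execute whatever it finds. The function names and the app-bundle location `/Applications/Wireshark.app/Contents/MacOS/tshark` are assumptions; `/usr/local/bin/tshark` is the link shown in the brew log.

```python
import os
import stat

# First entry is the symlink created in the brew log; the second is an
# assumed location of tshark inside the macOS app bundle.
DEFAULT_CANDIDATES = [
    "/usr/local/bin/tshark",
    "/Applications/Wireshark.app/Contents/MacOS/tshark",
]


def usable_binary(path):
    """True if path is a regular, executable file that is not world-writable."""
    try:
        st = os.stat(path)  # follows symlinks such as Homebrew's links
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode) or not os.access(path, os.X_OK):
        return False
    return not (st.st_mode & stat.S_IWOTH)


def find_tshark(explicit=None, env_path=None, candidates=DEFAULT_CANDIDATES):
    """Return (path, searched): the first usable tshark and every path tried."""
    if env_path is None:
        env_path = os.environ.get("PATH", "")
    search = [explicit] if explicit else []
    search += [os.path.join(d, "tshark") for d in env_path.split(os.pathsep) if d]
    search += list(candidates)
    searched = []
    for p in search:
        p = os.path.abspath(p)
        if p in searched:
            continue  # skip duplicates so the report stays readable
        searched.append(p)
        if usable_binary(p):
            return os.path.realpath(p), searched
    return None, searched


if __name__ == "__main__":
    path, searched = find_tshark()
    if path is None:
        raise SystemExit("tshark not found; searched: {}".format(searched))
    print("tshark:", path)
    # With pyshark installed, pass the result explicitly:
    #   cap = pyshark.FileCapture("xxxx.pcap", tshark_path=path)
```

Passing the resolved path through `tshark_path` pins pyshark to the binary that was checked instead of relying on its own search order.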