
I'm trying to do a live capture with pyshark, but it wants to run tshark using sudo. I'm not sure how to run sudo out of Python. The GitHub thread states: "you can create a 'script' that just runs "sudo tshark" and tell pyshark to run that instead of tshark."

Buuuuut I'm not too sure how to do that. I was looking at "Using sudo with Python script", but again not sure how to "run that instead of tshark".

Has anyone done this? Can anyone advise?

Bit more info here: If you're an admin user, you don't need sudo to run "tshark -c 100 -i en0". If you "sudo chmod 777 /dev/bpf*" that works for things like Carnivore in Processing, but does zip all for Pyshark. Trying to edit Startup items to give you read access is moot on OSX because Yosemite tossed it.

Other info: https://apple.stackexchange.com/questions/138694/what-is-access-bpf-group I'm really starting to think something is just up w/ PyShark itself.

Thanks

mishap_n

2 Answers


Don't use sudo to run Wireshark. Instead, configure your user account to be able to use Wireshark without root access. Detailed instructions are here: https://ask.wireshark.org/questions/7976/wireshark-setup-linux-for-nonroot-user

John Zwinck
  • I can already run Wireshark and tshark w/out using sudo. The issue I am having is that PyShark for some reason won't do it. Also I'm on OSX, not a Linux distribution. – mishap_n May 28 '17 at 02:37
  • If you can run Wireshark and tshark without sudo, and PyShark refuses, then either you have found a bug in PyShark, or you just haven't figured out what it wants. You should not need sudo. – John Zwinck May 28 '17 at 02:41
  • Agree, I shouldn't have to use sudo. It's what was suggested by the repo owner, so here I am. I'm not the only one having this issue tho. – mishap_n May 28 '17 at 02:49

WELP. Turns out it was just because I hadn't used 'en0'. Marking this as solved. HA.

mishap_n
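The fix reported in the last answer was naming the interface ('en0'). As an added example, not code from this thread or from the PyShark project: a preflight that lists interfaces with `tshark -D` as the current user (no sudo) and rejects a missing or unknown interface name before starting `pyshark.LiveCapture`. The sample `tshark -D` output is constructed, and the helper names are hypothetical.

```python
import re
import shutil
import subprocess

# Constructed sample of `tshark -D` output on macOS (not taken from a real host).
SAMPLE_TSHARK_D = """\
1. en0 (Wi-Fi)
2. p2p0
3. awdl0
4. lo0 (Loopback)
"""

# "<index>. <name>" with an optional "(description)" suffix.
_LINE = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")

def parse_interfaces(tshark_d_output):
    """Return {name: description} parsed from `tshark -D` text."""
    found = {}
    for line in tshark_d_output.splitlines():
        m = _LINE.match(line)
        if m:
            found[m.group(2)] = m.group(3) or ""
    return found

def check_interface(name, interfaces):
    """Return `name` if tshark lists it; otherwise raise with the valid choices."""
    if name not in interfaces:
        raise ValueError(f"interface {name!r} not listed by tshark -D; choose one of: " + ", ".join(interfaces))
    return name

def list_interfaces():
    """Run `tshark -D` as the current user (no sudo) and parse the result."""
    tshark = shutil.which("tshark")
    if tshark is None:
        raise RuntimeError("tshark not found on PATH")
    out = subprocess.run([tshark, "-D"], capture_output=True, text=True, check=True)
    return parse_interfaces(out.stdout)

def capture(interface, packet_count=5):
    """Live-capture a few packets with pyshark on a validated interface."""
    import pyshark  # imported lazily so the helpers above work without it
    check_interface(interface, list_interfaces())
    cap = pyshark.LiveCapture(interface=interface)
    return list(cap.sniff_continuously(packet_count=packet_count))

if __name__ == "__main__":
    for pkt in capture("en0"):
        print(pkt.highest_layer)
```

Listing interfaces does not prove the account may capture on them; on macOS that still depends on read access to /dev/bpf*, as discussed in the question.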