0

I'm trying to do some sort of Session Initiation Protocol sniffer. I'm using the pyshark module for Python, which offers me some functions to sniff packets from an interface. The thing is that there is a function called `sniff()` that, when I give it the parameter `packet_count=0`, checks for packets indefinitely until I stop the whole program.

What I want to know is if there is a way to stop the `cap.sniff()` function and retrieve `cap._packets` (which is a list) and then let the rest of the program run.

Here is the code that I made:

```python
import pyshark

def sniffsip():
    cap = pyshark.LiveCapture(interface='Ethernet')
    cap.sniff(packet_count=0)  # This is the sniff() call that checks for packets

    udp_packets = []

    # Keep only the packets that are SIP carried over UDP
    for i in cap._packets:
        j = cap._packets.index(i)
        if cap._packets[j].transport_layer == 'UDP' and cap._packets[j].highest_layer == 'SIP':
            udp_packets.append(cap._packets[j])

    return udp_packets
```
F. Estevez
  • Where would you like to stop the function? A `break`, `return` or `continue` could all do the job, but some more context on how this function is working in your script would be helpful. – eddyizm Mar 17 '19 at 00:08
  • You can probably put the call to `sniff()` in a `try` block and [catch `KeyboardInterrupt` (often bound to Ctrl+C)](https://stackoverflow.com/q/21120947/354577). Run the code, stop capturing with Ctrl+C, then continue. I haven't tested this though, so just commenting. – ChrisGPT was on strike Mar 17 '19 at 00:11
  • *cap.sniff(packet_count=0)* is where the script starts to check for packets, so I want to stop that function so I can get the *cap._packets* list. As I said before, this *cap.sniff()* is in the pyshark module – F. Estevez Mar 17 '19 at 01:13
  • @F.Estevez, that's what I think my suggestion will let you do. Please read the linked page. – ChrisGPT was on strike Mar 17 '19 at 01:14
  • @F.Estevez, also, please use _backticks_ (`\``) not underscores or asterisks to mark code. – ChrisGPT was on strike Mar 17 '19 at 01:15

1 Answer

0

I guess you just want to break that cycle.

```python
import pyshark

stop_flag = False  # It is a global variable, you can set it in other functions

def sniffsip():
    global stop_flag  # Our global variable...
    cap = pyshark.LiveCapture(interface='Ethernet')
    cap.sniff(packet_count=0)

    udp_packets = []

    for i in cap._packets:
        j = cap._packets.index(i)
        if cap._packets[j].transport_layer == 'UDP' and cap._packets[j].highest_layer == 'SIP':
            udp_packets.append(cap._packets[j])
        if stop_flag:  # Here check the state of the flag
            stop_flag = False  # Do not forget to set it false if you want to use the function again.
            break  # Break the cycle

    return udp_packets
```
  • I think the problem is that `cap.sniff(packet_count=5)` doesn't return. It just keeps capturing packets, so the program doesn't progress past that line. – ChrisGPT was on strike Mar 17 '19 at 01:12
  • Actually, *cap.sniff(packet_count=0)* is where the script starts to check for packets, so I want to stop that function so I can get the *cap._packets* list. As I said before, this *cap.sniff()* is in the pyshark module – F. Estevez Mar 17 '19 at 01:13
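
As the comments above note, the capture call itself has to be interruptible, not the loop that runs after it. The following is an added example, not code from any of the posts: it iterates pyshark's `sniff_continuously()` generator and checks a stop signal per packet instead of calling the blocking `sniff(packet_count=0)`. The names `collect_sip`, `sniff_sip` and `constructed_feed` are hypothetical, and the sample packets are constructed so the filter logic runs without a live interface.

```python
import threading
import time
from types import SimpleNamespace

def collect_sip(packets, stop_event, max_seconds=None):
    """Drain a packet iterator until stop_event is set or max_seconds elapse.

    Returns the SIP-over-UDP packets seen so far. The stop conditions are
    only evaluated when a packet arrives, so an idle link delays the exit.
    """
    deadline = None if max_seconds is None else time.monotonic() + max_seconds
    sip_packets = []
    for pkt in packets:
        if stop_event.is_set():
            break
        if deadline is not None and time.monotonic() >= deadline:
            break
        if pkt.transport_layer == 'UDP' and pkt.highest_layer == 'SIP':
            sip_packets.append(pkt)
    return sip_packets

def sniff_sip(interface, stop_event, max_seconds=None):
    """Live-capture wrapper. pyshark is imported here so collect_sip()
    can be exercised on a machine without pyshark/tshark installed."""
    import pyshark
    cap = pyshark.LiveCapture(interface=interface)
    try:
        return collect_sip(cap.sniff_continuously(), stop_event, max_seconds)
    finally:
        cap.close()  # stop the tshark subprocess behind the capture

def constructed_feed(stop_event, stop_before):
    """Constructed stand-in for a capture: sets stop_event just before
    yielding packet number stop_before, as another thread would."""
    sample = [('UDP', 'SIP'), ('TCP', 'TLS'), ('UDP', 'DNS'),
              ('UDP', 'SIP'), ('TCP', 'SIP'), ('UDP', 'SIP')]
    for n, (transport, highest) in enumerate(sample):
        if n == stop_before:
            stop_event.set()
        yield SimpleNamespace(number=n, transport_layer=transport,
                              highest_layer=highest)

if __name__ == '__main__':
    stop = threading.Event()
    kept = collect_sip(constructed_feed(stop, stop_before=5), stop)
    print([p.number for p in kept])
```

In a real program, `sniff_sip('Ethernet', stop)` would run in a worker thread while the main thread calls `stop.set()`, or `max_seconds` alone bounds the capture.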