
PyShark Documentation


Description

This Read the Docs site is the usage documentation for the Python package PyShark. This documentation is a supplementary resource, with a huge amount of information that is not covered in the extended documentation for PyShark.

PyShark is a Python 3 wrapper for TShark. TShark is a network protocol analyzer that allows you to capture packet data from a live network, or read packets from a previously saved capture file. TShark itself is the command-line version of Wireshark, and PyShark allows Python packet parsing using Wireshark dissectors.

PyShark use cases

There are multiple use cases for PyShark, and they depend heavily on the role of the person using it. For example, a network engineer might use PyShark to troubleshoot latency issues, while a security engineer might use PyShark to identify unauthorized data exfiltration. PyShark can perform these use cases either in real time or in a post-mortem fashion.

Below are some of the most common use cases.

Common use cases

  • Analyzing bandwidth usage
  • Troubleshooting latency issues
  • Investigating lost data packets
  • Detecting malicious network activity
  • Identifying unauthorized data exfiltration
  • Intercepting Man-in-the-Middle (MITM) attacks
  • Identifying the cause of a slow internet connection
  • Tracing Voice over IP (VoIP) calls over the network