RemoteCapture Parameters


The RemoteCapture module within PyShark has several parameters that are configurable.

import pyshark

capture = pyshark.RemoteCapture(remote_host=None,
                                remote_interface=None,
                                remote_port=2002,
                                bpf_filter=None,
                                only_summaries=False,
                                decryption_key=None,
                                encryption_type="wpa-pwk",
                                decode_as=None,
                                disable_protocol=None,
                                tshark_path=None,
                                override_prefs=None,
                                eventloop=None,
                                debug=False,)
for packet in capture:
    # do something with the packet
    print(packet)
  • remote_host:
    • type: string
    • default: required argument
    • description: The remote host to capture on (IP or hostname). Should be running rpcapd.
  • remote_interface:
    • type: string
    • default: required argument
    • description: The remote interface on the remote machine to capture on.
  • remote_port:
    • type: int
    • default: 2002
    • description: The remote port the rpcapd (remote daemon) service is listening on.
  • bpf_filter:
    • type: string
    • default: None
    • description: BPF filter to use on packets.
  • only_summaries:
    • type: boolean
    • default: False
    • description: Only produce packet summaries, much faster but includes very little information.
  • decryption_key:
    • type: string
    • default: None
    • description: Optional key used to encrypt and decrypt captured traffic.
  • encryption_type:
    • type: string
    • default: wpa-pwk
    • description: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK').
  • decode_as:
    • type: dictionary
    • default: None
    • description: A dictionary of {decode_criterion_string: decode_as_protocol} that are used to tell TShark to decode protocols in situations it wouldn't usually, for instance {'tcp.port==8888': 'http'} would make it attempt to decode any port 8888 traffic as HTTP. See TShark documentation for details.
  • tshark_path:
    • type: string
    • default: None
    • description: Path of the TShark binary.
  • override_prefs:
    • type: dictionary
    • default: None
    • description: A dictionary of TShark preferences to override, {PREFERENCE_NAME: PREFERENCE_VALUE, ...}
  • disable_protocol:
    • type: string
    • default: None
    • description: Tells TShark to remove a dissector for a specific protocol.
  • debug:
    • type: boolean
    • default: False
    • description: Whether to enable debug mode.
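
An added example (not part of PyShark or the original page) that checks the settings described above before a capture is started, so a malformed remote_host, remote_port, encryption_type or decode_as value is rejected before TShark is launched. The helper names remote_capture_kwargs and open_remote_capture, the hostname syntax check and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress
import re

# Values the parameter list gives for encryption_type (compared case-insensitively here).
ALLOWED_ENCRYPTION = {"wep", "wpa-pwd", "wpa-pwk"}
# Assumed hostname rule: labels of letters, digits and hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _valid_host(host):
    """True if host is an IP literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return len(host) <= 253 and all(_LABEL.fullmatch(p) for p in host.split("."))


def remote_capture_kwargs(remote_host, remote_interface, remote_port=2002,
                          bpf_filter=None, encryption_type="wpa-pwk",
                          decode_as=None):
    """Validate settings and return keyword arguments for pyshark.RemoteCapture."""
    if not isinstance(remote_host, str) or not _valid_host(remote_host):
        raise ValueError(f"remote_host is not an IP or hostname: {remote_host!r}")
    if not isinstance(remote_interface, str) or not remote_interface.strip():
        raise ValueError("remote_interface is required")
    if type(remote_port) is not int or not 1 <= remote_port <= 65535:
        raise ValueError(f"remote_port out of range: {remote_port!r}")
    if encryption_type.lower() not in ALLOWED_ENCRYPTION:
        raise ValueError(f"unsupported encryption_type: {encryption_type!r}")
    if decode_as is not None and not (
            isinstance(decode_as, dict)
            and all(isinstance(k, str) and isinstance(v, str)
                    for k, v in decode_as.items())):
        raise ValueError("decode_as must map criterion strings to protocol names")
    return dict(remote_host=remote_host, remote_interface=remote_interface,
                remote_port=remote_port, bpf_filter=bpf_filter,
                encryption_type=encryption_type, decode_as=decode_as)


def open_remote_capture(**settings):
    """Start a capture; pyshark is imported here so validation works without it."""
    import pyshark  # needs PyShark and TShark locally, rpcapd on the remote host
    return pyshark.RemoteCapture(**remote_capture_kwargs(**settings))


if __name__ == "__main__":
    # Constructed sample values: 192.0.2.10 is a documentation-only address.
    print(remote_capture_kwargs("192.0.2.10", "eth0", decode_as={"tcp.port==8888": "http"}))
```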