Using subprocess to call a tshark command

Question

I am trying to read a .pcapng in Python using the command:

tshark_out = subprocess.getoutput('tshark -r USB.pcapng')

However, my code creates an error

UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 30: ordinal not in range(128)

Can I fix this by doing a conversion in my command or do I need to fix this through changing my Python script?

Answer 1

You're using a legacy Python2 subcommand in Python3 (see subprocess.getoutput docs)

Part of the problem is that you're converting a bytes object to a string implicity with getoutput. 0xe2 is 226, which is greater than the range of 128 for ASCII. Instead, you should get the stdout and stderr as bytes objects and convert in a later command. For example:

# captures the output for 1 packet.
import subprocess as sp
cmd = sp.run(["tshark", "-c", "1"], stdout=sp.PIPE, stderr=sp.PIPE)
print("STDOUT:\n", cmd.stdout, "\n\nSTDERR:\n", cmd.stderr)

Gives output

STDOUT:
b'    1   0.000000 179.118.244.35.bc.googleusercontent.com \xe2\x86\x92 
192.198.128.5 TLSv1.2  105 Application Data 6c:94:cf:d8:7f:e7 \xe2\x86\x90 
e0:55:3d:71:f7:29\n' 

STDERR:
b"Capturing on 'Wi-Fi: en0'\n1 packets dropped from Wi-Fi: en0\n1 packets captured\n"

You now have bytes objects for stdout and stderr. You can decode them with whichever encoding you want (like ASCII, UTF-8) or use them as is in your code.

You may also want to look at scapy, which is a python library to manipulate packets.

Note: This example uses run, but there are many Python Popen wrappers that do similar things.