diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 8b38e4d61..8608025b6 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -211,9 +211,13 @@ class L2ListenTcpdump(SuperSocket): filter = "not (%s)" % conf.except_filter if filter is not None: args.append(filter) - self.ins = PcapReader(tcpdump(None, prog=prog, args=args, getfd=True)) + self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True) + self.ins = PcapReader(self.tcpdump_proc.stdout) def recv(self, x=MTU): return self.ins.recv(x) + def close(self): + SuperSocket.close(self) + self.tcpdump_proc.kill() class TunTapInterface(SuperSocket): diff --git a/scapy/utils.py b/scapy/utils.py index edbca70c0..441a5cab3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1200,7 +1200,7 @@ def wireshark(pktlist): @conf.commands.register def tcpdump(pktlist, dump=False, getfd=False, args=None, - prog=None): + prog=None, getproc=False): """Run tcpdump or tshark on a list of packets pktlist: a Packet instance, a PacketList instance or a list of Packet @@ -1211,6 +1211,7 @@ pktlist: a Packet instance, a PacketList instance or a list of Packet dump: when set to True, returns a string instead of displaying it. getfd: when set to True, returns a file-like object to read data from tcpdump or tshark from. +getproc: when set to True, the subprocess.Popen object is returned args: arguments (as a list) to pass to tshark (example for tshark: args=["-T", "json"]). Defaults to ["-n"]. prog: program to use (defaults to tcpdump, will work with tshark) @@ -1249,6 +1250,7 @@ To get a JSON representation of a tshark-parsed PacketList(), one can: u'64' """ + getfd = getfd or getproc if prog is None: prog = [conf.prog.tcpdump] elif isinstance(prog, six.string_types): @@ -1300,6 +1302,8 @@ u'64' proc.stdin.close() if dump: return b"".join(iter(lambda: proc.stdout.read(1048576), b"")) + if getproc: + return proc if getfd: return proc.stdout proc.wait()
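Review bot: In the new `L2ListenTcpdump.close()`, `self.tcpdump_proc.kill()` is never followed by a wait, so the killed tcpdump child is likely to remain a zombie until the Popen object is collected; add `self.tcpdump_proc.wait()` after the kill. The kill is also skipped entirely if `SuperSocket.close(self)` raises, which would leave a capture process running. Putting the first call under `try:` and the kill and wait under `finally:` closes that gap. The start of `__init__` is outside the hunk, but if it can fail before `tcpdump_proc` is assigned, a later `close()` would raise AttributeError, so a `getattr(self, "tcpdump_proc", None)` guard is worth considering.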
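Review bot: The `if getproc: return proc` branch in the last `scapy/utils.py` hunk hands a live subprocess to the caller, but the new `getproc` docstring line does not say that the caller now owns termination and reaping (`proc.kill()` then `proc.wait()`). It also does not say that `dump=True` wins when both flags are set. Because `getfd = getfd or getproc` in the preceding hunk overwrites `getfd`, the `getproc` test has to stay ahead of `if getfd:`; a comment such as `# getproc implies getfd (piped stdout); must be tested first` would stop a later reorder from silently returning only the pipe. The body of `tcpdump()` starts and ends outside these hunks, so the Popen call itself is not visible here.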