rjmcmahon
/
fiwi_monitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Python parser: improve field parsing robustness and add debug output 

- Use int() parsing instead of isdigit() for more robust frame number validation
- Preserve leading tabs with rstrip() instead of strip()
- Add debug output when parsing fails to help diagnose issues
- Handle empty fields and whitespace more gracefully

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Robert McMahon 2026-02-13 15:01:32 -08:00
parent 3cb36bff4b
commit 5132a667e9
2 changed files with 47 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
parse_tshark_pcap.py
View File

@ -68,10 +68,21 @@ def parse_tshark_output(pcap_file: str) -> List[List[str]]:
check=False # Don't fail on errors check=False # Don't fail on errors
) )
# Debug: Check if we got any output
if result.stderr:
# Print stderr warnings but don't fail
pass # We'll filter these out
# Filter out error messages and status lines # Filter out error messages and status lines
lines = [] lines = []
for line in result.stdout.splitlines(): raw_lines = result.stdout.splitlines()
line = line.strip()
# Debug: If no lines parsed, show what we got
if len(raw_lines) == 0:
return []
for line in raw_lines:
line = line.rstrip() # Only strip trailing whitespace, keep leading tabs
# Skip empty lines and tshark status messages # Skip empty lines and tshark status messages
if not line: if not line:
continue continue
@ -79,11 +90,23 @@ def parse_tshark_output(pcap_file: str) -> List[List[str]]:
continue continue
if "tshark:" in line.lower() or "packets captured" in line.lower(): if "tshark:" in line.lower() or "packets captured" in line.lower():
continue continue
# Only process lines that start with a number (frame number)
if line and line[0].isdigit(): # Split by tab to get fields
fields = line.split("\t") fields = line.split("\t")
if len(fields) > 0: if len(fields) == 0:
continue
# Check if first field (frame.number) is a valid number
# This handles cases where frame.number might be empty or the line starts with tabs
first_field = fields[0].strip()
# Try to parse as integer - if it succeeds, it's a valid frame number
try:
frame_num = int(first_field)
if frame_num > 0: # Valid frame numbers are positive
lines.append(fields) lines.append(fields)
except (ValueError, IndexError):
# Not a valid frame number, skip this line
continue
return lines return lines
@ -234,6 +257,22 @@ def main():
# Parse packets # Parse packets
packets = parse_tshark_output(pcap_file) packets = parse_tshark_output(pcap_file)
final_count = count_packets(packets) final_count = count_packets(packets)
# Debug: If no packets parsed but raw count shows packets, try to see what tshark output
if final_count == 0 and raw_packet_count > 0:
# Try a simple test to see if tshark can read the file
import subprocess
test_result = subprocess.run(
["tshark", "-q", "-r", pcap_file, "-n", "-T", "fields", "-e", "frame.number"],
capture_output=True,
text=True
)
if test_result.stdout:
sample_lines = test_result.stdout.splitlines()[:5]
print(f"Debug: tshark -T fields -e frame.number returned {len(test_result.stdout.splitlines())} lines")
print(f"Debug: First 5 lines: {sample_lines}")
else:
print("Debug: tshark returned no output")
plcp_count = count_plcp_headers(packets) plcp_count = count_plcp_headers(packets)
# Check for parsing issues # Check for parsing issues

4
test_monitor_tshark.sh
View File

@ -39,7 +39,7 @@ echo "Duration: $DURATION seconds"
echo "" echo ""
# Check if running as root # Check if running as root
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root (use sudo)" echo "Please run as root (use sudo)"
exit 1 exit 1
fi fi
@ -174,7 +174,7 @@ fi
if [ -f "$TEMP_PCAP" ]; then if [ -f "$TEMP_PCAP" ]; then
PCAP_SIZE=$(stat -c%s "$TEMP_PCAP" 2>/dev/null || stat -f%z "$TEMP_PCAP" 2>/dev/null || echo "0") PCAP_SIZE=$(stat -c%s "$TEMP_PCAP" 2>/dev/null || stat -f%z "$TEMP_PCAP" 2>/dev/null || echo "0")
echo "Pcap file size: $PCAP_SIZE bytes" echo "Pcap file size: $PCAP_SIZE bytes"
# Count packets in raw pcap file using capinfos or tshark # Count packets in raw pcap file using capinfos or tshark
if command -v capinfos &> /dev/null; then if command -v capinfos &> /dev/null; then
RAW_PACKET_COUNT=$(capinfos -c "$TEMP_PCAP" 2>/dev/null | grep "^Number of packets:" | awk '{print $4}' || echo "0") RAW_PACKET_COUNT=$(capinfos -c "$TEMP_PCAP" 2>/dev/null | grep "^Number of packets:" | awk '{print $4}' || echo "0")