Using Tshark in Python Subprocess is giving syntax error

Question

I am trying to develop a script to read pcap file and extract some field from it but using tshark as a subprocess. However i am getting syntax error regarding cmd. Can anyone help me out on this?

def srcDestDport (filename):
  cmd = r"tshark -o column.format:"Source","%s", "Destination","%d", "dstport"," %uD"' -r %s"%(filename)
  subcmd = cmd.split(' ')
  lines = subprocess.Popen(subcmd,stdout=subprocess.PIPE)
  return lines

Answer 1

As far as Python is concerned, you appear to be missing some commas in your cmd definition:

cmd = r"tshark -o column.format:"Source","%s", "Destination","%d", "dstport"," %uD"' -r %s"%(filename)
#              -- no comma here -^                              ----^  ----^     --^

because the first string ends when the first " is encountered at "Source"; a raw string does not preclude you from escaping embedded quotes.

If you wanted to produce a list of arguments, just make it a list directly, saves you interpolating the filename too:

cmd = ["tshark", "-o", 
       'column.format:"Source","%s","Destination","%d","dstport"," %uD"',
       "-r", filename]

Note the single quotes around the 3rd argument to preserve the quotes in the command line argument.

This eliminates the need to split as well and preserves whitespace in the filename.