I'm using SplitCap to split my pcaps into sessions. However, given that I have hundreds of them I want to write something to do it for me.

This CMD command works successfully.

G:\Program Files\Wireshark\PCAP>"G:\Program Files\Wireshark\SplitCap.exe" -r nonvpn-chat-aim-0.pcap -s session -o SplitPCAP
Splitting pcap file into seperate pcap files...
100%
Please wait while closing all file handles...

However, the exact same command fails in python:

>>> arg
['G:/Program Files/Wireshark/SplitCap.exe', '-r', 'G:/Program Files/Wireshark/PCAP/nonvpn-chat-aim-0.pcap', '-s', 'session', '-o', 'SplitPCAP']
>>> subprocess.run(arg)

Splitting pcap file into seperate pcap files...
10%
���� ����� �����: System.NotSupportedException: ����� ����� ������ ���� �����.
   �-  System.Security.Permissions.FileIOPermission.EmulateFileIOPermissionChecks(String fullPath)
   �-  System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   �-  System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

I'm not sure how to proceed from here. This error seems to be in C# and looking inside subprocess.py hasn't been much help...

CodePudding user response：

you can try os to excute cmd

os.system()
or
os.popen()

and the later one can get the return information with socket

CodePudding user response：

Turns out that the file argument of SplitCap doesn't like paths the way I was using them. The solution was to change subprocess.run(arg) to subprocess.run(arg, cwd="'G:/Program Files/Wireshark/SplitCap.exe'" and then change arg to be:

['G:/Program Files/Wireshark/SplitCap.exe', '-r', 'nonvpn-chat-aim-0.pcap', '-s', 'session', '-o', 'SplitPCAP']

That is, change the part after -r to exclude the full path. (and also, changing \ to /