In a previous post I’ve written about pyshark and how easy it makes it to analyze network traffic in Python. As I often use a Raspberry Pi as a Wifi access point to trace live network traffic network traffic I was obviously intrigued if pyshark would also run on the Raspberry Pi. And it does, but not quite out of the box.
On Ubuntu and probably most other Linux distribution, pyshark can be installed with two commands, ‘sudo apt-get install python3-pip‘ to install pip for python3 and then ‘pip3 install pyshark‘. On the Raspberry Pi running Raspian (based on Debian Jessie), a few additional steps are necessary because tshark and two libraries are not installed by default:
sudo apt-get install tshark # allow user pi to use tshark without sudo # logout/in required! sudo usermod -a -G wireshark pi sudo apt-get install libxml2-dev sudo apt-get install libxslt-dev sudo pip3 install pyshark
Installing the two libraries took around 10-15 minutes on my Raspi 2 as some parts are compiled from source during installation. But other than a bit of patience, nothing else is required.
From a performance point of view, a Raspi 2 can keep up with around 100 packets per second. At that rate one of the CPU cores gets to its limit. Not overly impressive but it’s good enough for analyzing a bi-directional VoIP stream in which a packet in both directions is sent every 20 milliseconds.