
Commit 293f5ea

authored
Merge pull request #608 from esclear/wireshark-4
Fix elastic mapping for new Wireshark 4
2 parents 60f0821 + c2feb17 commit 293f5ea


1 file changed

+6
-1
lines changed


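--- a/src/pyshark/tshark/tshark.py
+++ b/src/pyshark/tshark/tshark.py
@@ -138,8 +138,13 @@ def get_ek_field_mapping(tshark_path=None):
 mapping = json.loads(
 mapping,
 object_pairs_hook=_duplicate_object_hook)["mappings"]
-if "doc" in mapping:
+# If using wireshark 4, the key "mapping" contains what we want,
+if "dynamic" in mapping and "properties" in mapping:
+pass
+# if using wireshark 3.5 to < 4 the data in "mapping.doc",
+elif "doc" in mapping:
 mapping = mapping["doc"]
+# or "mapping.pcap_file" if using wireshark < 3.5
 elif "pcap_file" in mapping:
 mapping = mapping["pcap_file"]
 else: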
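Review bot: The three added comments name the parsed key as "mapping" ("mapping.doc", "mapping.pcap_file"), but the lookup just above them is `["mappings"]`, so a reader matching the comments against tshark's JSON output will look for the wrong key. I would write the first as `# Wireshark 4: "mappings" itself holds "dynamic" and "properties"` and use "mappings.doc" and "mappings.pcap_file" in the other two. The new first branch is an empty `if ...: pass` that recognises the layout by key presence only. Since this JSON is produced by whatever binary `tshark_path` resolves to, a short comment stating that the branch deliberately leaves `mapping` unchanged would help; whether the shape of `mapping["properties"]` is validated later cannot be seen from here. The `else:` body and the rest of `get_ek_field_mapping` lie outside the hunk.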
