3 Replies Latest reply: May 14, 2015 12:51 PM by Vinod Narayanan RSS

how to run readview.py

Vinod Narayanan

Hello all,

 

There is an example readview.py script in the netshark-examples directory. If I try to run it, it keeps throwing an error: list index out of range.

I tried with -l and that shows all the views. I am not able to export the data. I am running it as follows

 

python readview.py  host -u user -p "password"  -l

 

How to run this to get data for a view. Also is it possible to give a time range for this query.

 

Thanks,

 

Vinod N

  • Re: how to run readview.py
    Mike Garabedian

    Hi Vinod,

     

    Thanks for that bug report - there were indeed some issues that script which have now been corrected.

     

    If you update your 'steelscript-netshark' package to the latest version available (0.9.5.1) the example script should work more cleanly.  You can also view what was changed via github here:

    Fix broken readview example script · riverbed/steelscript-netshark@b24c439 · GitHub

     

    For specifying a timerange, you should probably look at the 'download.py' example instead - it has quite a few more options available.

     

    Thanks,

    Mike

    • Re: how to run readview.py
      Vinod Narayanan

      Thank you very much, the download.py seems to be a much better example. I am not able to provide filters though. Is there an example of how to call download.py with filter for a specific host or ip.

       

      Thanks

      • Re: how to run readview.py
        Vinod Narayanan

        Actually I figured it out and hopefully this reply will help others too. I used download.py to query and download pcap data from Netshark with timerange and with filters successfully, below is the explanation.

         

        c:\> python download.py netsharkhostname --user your-username --password your-password --jobname "use Job name, dont use job id" --timerange "13:58:00 to 13:59:00" --filter ip.address=10.20.x.y --filter ip.address=10.40.x.y --filter ip.transport.port=80

         

        The above example filters ipaddress 10.20.x.y and 10.40.x.y (these both should exist in a packet as either source or destination) along with required port , in this case 80. These filters are optional.