Expected Behavior

Under normal circumstances, I can issue tshark -E separator='@' under linux^{See Note A} and force it to display fields separated by @, as shown below…

[mpenning@hotcoffee ~]$ tshark -r scp_test.pcap -e frame.number -e ip.src_host -e tcp.srcport -E separator='@' -T fields tcp | less
1@192.168.12.236@33088
2@192.168.12.238@22
3@192.168.12.236@33088
...

Unexpected Behavior

Likewise, I thought I would run the same command through subprocess.Popen(), columnify, and colorize based on some analysis… all my analysis depends on the output being separated by @ when I run the script… however, my script is not using @… instead, it uses a single-quote; I am not sure I understand why this is happening.

Script

import subprocess
import sys

filename = sys.argv[1].strip()
fields = ['frame_num', 'IP Src', 'TCP Src']
sep = '@'
cmd = r"""tshark -r %s -e frame.number -e ip.src_host -e tcp.srcport -E separator='%s' -T fields tcp""" % (filename, sep)

subcmd = cmd.split(' ')
lines = subprocess.Popen(subcmd, stdout = subprocess.PIPE)
for line in lines.communicate()[0].split('\n'):
    print line

Results

[mpenning@hotcoffee ~]$ python analyze.py scp_test.pcap | less
1'192.168.12.236'33088
2'192.168.12.238'22
3'192.168.12.236'33088
4'192.168.12.238'22
5'192.168.12.236'33088
6'192.168.12.236'33088
7'192.168.12.238'22
8'192.168.12.236'33088

It seemingly does not matter whether I assign sep using any of the following…

• sep = '@'
• sep = '\@'
• sep = re.escape('@') # Desperation attempt ;-)

Question

Can someone explain:

1. Why my output is not separated with @ in the script above.
2. How I can fix the script using subprocess^{See Note B}?

End-Notes

Note A. System information:

[mpenning@hotcoffee ~]$ python -V
Python 2.6.6
[mpenning@hotcoffee ~]$ uname -a
Linux hotcoffee 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux
[mpenning@hotcoffee ~]$

Note B. Answers using os.system() or os.popen() are not what I’m looking for