Instead of reading the file directly, it is piped via STDIN

Arcopix · Arcopix · commit 43dbb91f9f33 · 2023-03-08T19:49:22.000+02:00
Added checks for .gz and .bz2 files, in which case zcat and bzcat is used to read the compressed file
Updated CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,8 @@
 ## Alpha 4
 * Host validation no longer accepts hosts starting with '-'
 * Implemented experimental support for reading pcap file on the remote system
+  * Also supports packet captures compressed with gz (if extension is .gz)
+  * Also supports packet captures compressed with gz (if extension is .bz2)
 * Validation methods of AppConfig are now private
 * Implemented --port|-p argument which specifies the SSH port
 * Implemented compression on SSH level (enabled by -c|--compression)
diff --git a/remoteShark.py b/remoteShark.py
@@ -508,7 +508,12 @@ def runWireshark(self):
         if cfg.remotePcapFile == None:
             tcpdumpCMD = sprintf('%s -U -ni "%s" -s 0 -q -w - %s 2>/dev/null', tcpdumpCMD, cfg.interface, cfg.dumpFilter)
         else:
-            tcpdumpCMD = sprintf('%s -U -n -r %s -s 0 -q -w - %s 2>/dev/null', tcpdumpCMD, cfg.remotePcapFile, cfg.dumpFilter)
+            if (cfg.remotePcapFile.endswith('.gz')):
+                tcpdumpCMD = sprintf('zcat %s | %s -U -n -r - -s 0 -q -w - %s 2>/dev/null', cfg.remotePcapFile, tcpdumpCMD, cfg.dumpFilter)
+            elif (cfg.remotePcapFile.endswith('.bz2')):
+                tcpdumpCMD = sprintf('bzcat %s | %s -U -n -r - -s 0 -q -w - %s 2>/dev/null', cfg.remotePcapFile, tcpdumpCMD, cfg.dumpFilter)
+            else:
+                tcpdumpCMD = sprintf('cat %s | %s -U -n -r - -s 0 -q -w - %s 2>/dev/null', cfg.remotePcapFile, tcpdumpCMD, cfg.dumpFilter)
 	
         if self.cfg.debug >= 3:
             printf('Running command remote "%s"\n', tcpdumpCMD)
