In this code with pyshark
import pyshark
cap = pyshark.FileCapture(filename)
i = 0
for idx, packet in enumerate(cap):
i += 1
print i
print len(cap._packets)
i and len(cap._packets) give two different results. Why is that?
A look at the source code reveals that _packets is a list containing packets and is only used internally:
When iterating through a FileCapture object with keep_packets = True packets are getting added to this list.
To get access to all packets in a FileCapture object you should iterate over it just like you did:
for packet in cap:
do_something(packet)
But to count the amount of packets just do this:
packet_amount = len(cap)
or use a counter like you did, but don't use _packets as it does not contain the complete packet list.