Welcome to PyPCAPKit’s documentation!

The PyPCAPKit project is an open source Python program focus on PCAP parsing and analysis, which works as a stream PCAP file extractor. With support of DictDumper, it shall support multiple output report formats.

Important

The whole project supports Python 3.4 or later.

Stream PCAP File Extractor

pcapkit is an independent open source library, using only DictDumper as its formatted output dumper.

There is a project called jspcapy works on pcapkit, which is a command line tool for PCAP extraction.

Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.

Library Foundation

pcapkit.foundation is a collection of fundations for pcapkit, including PCAP file extraction tool Extrator, application layer protocol analyser Analysis, and TCP flow tracer TraceFlow.

Analyser for Application Layer

pcapkit.foundation.analysis works as a header quarter to analyse and match application layer protocol. Then, call corresponding modules and functions to extract the attributes.

Extractor for PCAP Files

pcapkit.foundation.extraction contains Extractor only, which synthesises file I/O and protocol analysis, coordinates information exchange in all network layers, extracts parametres from a PCAP file.

Todo

Implement engine support for pypcap & pycapfile.

pcapkit.foundation.extraction.CPU_CNT: int

Number of available CPUs. The value is used as the maximum concurrent workers in multiprocessing engines.

Trace TCP Flows

pcapkit.foundation.traceflow is the interface to trace TCP flows from a series of packets and connections.

Note

This was implemented as the demand of my mate @gousaiyang.

Data Structure

trace.packet

Data structure for TCP flow tracing (dump()) is as following:

tract_dict = dict(
    protocol=data_link,                     # data link type from global header
    index=frame.info.number,                # frame number
    frame=frame.info,                       # extracted frame info
    syn=tcp.flags.syn,                      # TCP synchronise (SYN) flag
    fin=tcp.flags.fin,                      # TCP finish (FIN) flag
    src=ip.src,                             # source IP
    dst=ip.dst,                             # destination IP
    srcport=tcp.srcport,                    # TCP source port
    dstport=tcp.dstport,                    # TCP destination port
    timestamp=frame.info.time_epoch,        # frame timestamp
)

trace.buffer

Data structure for internal buffering when performing reassembly algorithms (_buffer) is as following:

(dict) buffer --> memory buffer for reassembly
 |--> (tuple) BUFID : (dict)
 |       |--> ip.src      |
 |       |--> ip.dst      |
 |       |--> tcp.srcport |
 |       |--> tcp.dstport |
 |                        |--> 'fpout' : (dictdumper.dumper.Dumper) output dumper object
 |                        |--> 'index': (list) list of frame index
 |                        |              |--> (int) frame index
 |                        |--> 'label': (str) flow label generated from ``BUFID``
 |--> (tuple) BUFID ...

trace.index

Data structure for TCP flow tracing (element from index tuple) is as following:

(tuple) index
 |--> (Info) data
 |     |--> 'fpout' : (Optional[str]) output filename if exists
 |     |--> 'index': (tuple) tuple of frame index
 |     |              |--> (int) frame index
 |     |--> 'label': (str) flow label generated from ``BUFID``
 |--> (Info) data ...

Implementation

User Interface

pcapkit.interface defines several user-oriented interfaces, variables, and etc. These interfaces are designed to help and simplify the usage of pcapkit.

Core User Interface

pcapkit.interface.core defines core user-oriented interfaces, variables, and etc., which wraps around the foundation classes from pcapkit.foundation.

PCAP Extration

Application Layer Analysis

Payload Reassembly

TCP Flow Tracing

Output File Formats

pcapkit.interface.core.TREE = 'tree'

pcapkit.interface.core.JSON = 'json'

pcapkit.interface.core.PLIST = 'plist'

pcapkit.interface.core.PCAP = 'pcap'

Layer Thresholds

pcapkit.interface.core.RAW = 'None'

pcapkit.interface.core.LINK = 'Link'

pcapkit.interface.core.INET = 'Internet'

pcapkit.interface.core.TRANS = 'Transport'

pcapkit.interface.core.APP = 'Application'

Extration Engines

pcapkit.interface.core.DPKT = 'dpkt'

pcapkit.interface.core.Scapy = 'scapy'

pcapkit.interface.core.PCAPKit = 'default'

pcapkit.interface.core.PyShark = 'pyshark'

pcapkit.interface.core.MPServer = 'server'

pcapkit.interface.core.MPPipeline = 'pipeline'

Auxiliary Interface

pcapkit.interface.misc contains miscellaneous user interface functions, classes, etc., which are generally provided per user’s requests.

Protocol Family

pcapkit.protocols is collection of all protocol families, with detailed implementation and methods.

PCAP File Headers

pcapkit.protocols.misc.pcap contains header descriptions for PCAP files, including global header (Header) and frame header (Frame).

Global Header

pcapkit.protocols.misc.pcap.header contains Header only, which implements extractor for global headers * of PCAP, whose structure is described as below:

typedef struct pcap_hdr_s {
    guint32 magic_number;   /* magic number */
    guint16 version_major;  /* major version number */
    guint16 version_minor;  /* minor version number */
    gint32  thiszone;       /* GMT to local correction */
    guint32 sigfigs;        /* accuracy of timestamps */
    guint32 snaplen;        /* max length of captured packets, in octets */
    guint32 network;        /* data link type */
} pcap_hdr_t;

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_Header

Bases

TypedDict

PCAP global header.

magic_number: DataType_MagicNumber

magic number

version_major: int

major version number

version_minor: int

minor version number

thiszone: int

GMT to local correction

sigfigs: int

accuracy of timestamps

snaplen: int

max length of captured packets, in octets

network: pcapkit.const.reg.linktype.LinkType

data link type

class DataType_MagicNumber

Bases

TypedDict

PCAP magic number.

data: bytes

original magic number

byteorder: str

byte order (big / little)

nanosecond: bool

nanosecond-timestamp support

---

*

https://wiki.wireshark.org/Development/LibpcapFileFormat#Global_Header

Frame Header *

pcapkit.protocols.misc.pcap.frame contains Frame only, which implements extractor for frame headers of PCAP, whose structure is described as below:

typedef struct pcaprec_hdr_s {
    guint32 ts_sec;     /* timestamp seconds */
    guint32 ts_usec;    /* timestamp microseconds */
    guint32 incl_len;   /* number of octets of packet saved in file */
    guint32 orig_len;   /* actual length of packet */
} pcaprec_hdr_t;

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.misc.pcap.frame.DataType_Frame

Bases

TypedDict

PCAP frame header.

frame_info: DataType_FrameInfo

PCAP frame information

time: datetime.datetime

timestamp

number: int

frame index number

time_epoch: float

EPOCH timestamp

len: int

captured packet length

cap_len: int

actual packet length

packet: bytes

packet raw data

protocols: pcapkit.corekit.protochain.ProtoChain

protocol chain

error: Optional[str]

error message (optional)

class pcapkit.protocols.misc.pcap.frame.DataType_FrameInfo

Bases

TypedDict

Frame information.

ts_sec: int

timestamp seconds

ts_usec: int

timestamp microseconds/nanoseconds

incl_len: int

number of octets of packet saved in file

orig_len: int

actual length of packet

---

*

https://wiki.wireshark.org/Development/LibpcapFileFormat#Record_.28Packet.29_Header

Link Layer Protocols

pcapkit.protocols.link is collection of all protocols in link layer, with detailed implementation and methods.

ARP/InARP - (Inverse) Address Resolution Protocol

pcapkit.protocols.link.arp contains ARP only, which implements extractor for (Inverse) Address Resolution Protocol (ARP/InARP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	arp.htype	Hardware Type
2	16	arp.ptype	Protocol Type
4	32	arp.hlen	Hardware Address Length
5	40	arp.plen	Protocol Address Length
6	48	arp.oper	Operation
8	64	arp.sha	Sender Hardware Address
14	112	arp.spa	Sender Protocol Address
18	144	arp.tha	Target Hardware Address
24	192	arp.tpa	Target Protocol Address

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.link.arp.DataType_ARP

Bases

TypedDict

ARP header [RFC 826].

htype: pcapkit.const.arp.Headware

hardware type

ptype: Union[pcapkit.const.reg.ethertype.EtherType, str]

protocol type

hlen: int

headware address length

plen: int

protocol address length

oper: pcapkit.const.arp.operation.Operation

operation

sha: str

sender hardware address

---

*

http://en.wikipedia.org/wiki/Address_Resolution_Protocol

Ethernet Protocol

pcapkit.protocols.link.ethernet contains Ethernet only, which implements extractor for Ethernet Protocol *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	eth.dst	Destination MAC Address
1	8	eth.src	Source MAC Address
2	16	eth.type	Protocol (Internet Layer)

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_Ethernet

Bases

TypedDict

Ethernet header.

dst: str

destination MAC address

src: str

source MAC address

type: pcapkit.const.reg.ethertype.EtherType

protocol (Internet layer)

---

*

https://en.wikipedia.org/wiki/Ethernet

L2TP - Layer Two Tunnelling Protocol

pcapkit.protocols.link.l2tp contains L2TP only, which implements extractor for Layer Two Tunnelling Protocol (L2TP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	l2tp.flags	Flags and Version Info
0	0	l2tp.flags.type	Type (control / data)
0	1	l2tp.flags.len	Length
0	2		Reserved (must be zero x00)
0	4	l2tp.flags.seq	Sequence
0	5		Reserved (must be zero x00)
0	6	l2tp.flags.offset	Offset
0	7	l2tp.flags.prio	Priority
1	8		Reserved (must be zero x00)
1	12	l2tp.ver	Version (2)
2	16	l2tp.length	Length (optional by len)
4	32	l2tp.tunnelid	Tunnel ID
6	48	l2tp.sessionid	Session ID
8	64	l2tp.ns	Sequence Number (optional by seq)
10	80	l2tp.nr	Next Sequence Number (optional by seq)
12	96	l2tp.offset	Offset Size (optional by offset)

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_L2TP

Bases

TypedDict

L2TP header.

flags: DataTYpe_Flags

flags & versoion info

version: Literal[2]

version (2)

length: Optional[int]

length (optional by len)

tunnelid: int

tunnel ID

sessionid: int

session ID

ns: Optional[int]

sequence number (optional by seq)

nr: Optional[int]

next sequence number (optional by seq)

offset: Optional[int]

offset (optional by offset)

class DataType_Flags

Bases

TypedDict

Flags and version info.

type: Literal['Control', 'Data']

type (control / data)

len: bool

length

seq: bool

sequence

offset: bool

offset

prio: bool

priority

---

*

https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

OSPF - Open Shortest Path First

pcapkit.protocols.link.ospf contains OSPF only, which implements extractor for Open Shortest Path First (OSPF) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	ospf.version	Version Number
0	0	ospf.type	Type
0	1	ospf.len	Packet Length (header included)
0	2	ospf.router_id	Router ID
0	4	ospf.area_id	Area ID
0	6	ospf.chksum	Checksum
0	7	ospf.autype	Authentication Type
1	8	ospf.auth	Authentication

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_OSPF

Bases

TypedDict

OSPF header.

version: int

version number

type: pcapkit.const.ospf.packet.Packet

type

len: int

packet length (header included)

router_id: ipaddress.IPv4Address

router ID

area_id: ipaddress.IPv4Address

area ID

chksum: bytes

checksum

autype: pcapkit.const.ospf.authentication.Authentication

authentication type

auth: Union[bytes, DataType_Auth]

authentication

Cryptographic Authentication Information

For cryptographic authentication information as described in RFC 2328, its structure is described as below:

Octets	Bits	Name	Description
0	0		Reserved (must be zero \x00)
0	0	ospf.auth.key_id	Key ID
0	1	ospf.auth.len	Authentication Data Length
0	2	ospf.auth.seq	Cryptographic Sequence Number

class DataType_Auth

Bases

TypedDict

Cryptographic authentication.

key_id: int

key ID

len: int

authentication data length

seq: int

cryptographic sequence number

---

*

https://en.wikipedia.org/wiki/Open_Shortest_Path_First

RARP/DRARP - (Dynamic) Reverse Address Resolution Protocol

pcapkit.protocols.link.rarp contains RARP only, which implements extractor for (Dynamic) Reverse Address Resolution Protocol (RARP/DRARP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	rarp.htype	Hardware Type
2	16	rarp.ptype	Protocol Type
4	32	rarp.hlen	Hardware Address Length
5	40	rarp.plen	Protocol Address Length
6	48	rarp.oper	Operation
8	64	rarp.sha	Sender Hardware Address
14	112	rarp.spa	Sender Protocol Address
18	144	rarp.tha	Target Hardware Address
24	192	rarp.tpa	Target Protocol Address

---

*

http://en.wikipedia.org/wiki/Address_Resolution_Protocol

VLAN - 802.1Q Customer VLAN Tag Type

pcapkit.protocols.link.vlan contains VLAN only, which implements extractor for 802.1Q Customer VLAN Tag Type *, whose structure is described as below:

Octets	Bits	Name	Description
1	0	vlan.tci	Tag Control Information
1	0	vlan.tci.pcp	Priority Code Point
1	3	vlan.tci.dei	Drop Eligible Indicator
1	4	vlan.tci.vid	VLAN Identifier
3	24	vlan.type	Protocol (Internet Layer)

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_VLAN

Bases

TypedDict

IEEE 802.1Q customer VLAN tag type [RFC 7042].

tci: DataType_TCI

Tag control information.

type: pcapkit.const.reg.ethertype.EtherType

Protocol (internet layer).

class DataType_TCI

Bases

TypedDict

Tag control information.

pcp: pcapkit.const.vlan.priority_level.PriorityLevel

Priority code point.

dei: bool

Drop eligible indicator.

vid: int

VLAN identifier.

---

*

https://en.wikipedia.org/wiki/IEEE_802.1Q

Base Protocol

pcapkit.protocols.link.link contains Link, which is a base class for link layer protocols, e.g. ARP/InARP, Ethernet, L2TP, OSPF, RARP/DRARP and etc.

Internet Layer Protocols

pcapkit.protocols.internet is collection of all protocols in internet layer, with detailed implementation and methods.

AH - Authentication Header

pcapkit.protocols.internet.ah contains AH only, which implements extractor for Authentication Header (AH) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	ah.next	Next Header
1	8	ah.length	Payload Length
2	16		Reserved (must be zero)
4	32	sah.spi	Security Parameters Index (SPI)
8	64	sah.seq	Sequence Number Field
12	96	sah.icv	Integrity Check Value (ICV)

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_AH

Bases

TypedDict

Authentication header [RFC 4302].

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Payload length.

spi: int

Security parameters index (SPI).

seq: int

Sequence number field.

icv: int

Integrity check value (ICV).

---

*

https://en.wikipedia.org/wiki/IPsec

HIP - Host Identity Protocol

pcapkit.protocols.internet.hip contains HIP only, which implements extractor for Host Identity Protocol (HIP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	hip.next	Next Header
1	8	hip.length	Header Length
2	16		Reserved (\x00)
2	17	hip.type	Packet Type
3	24	hip.version	Version
3	28		Reserved
3	31		Reserved (\x01)
4	32	hip.chksum	Checksum
6	48	hip.control	Controls
8	64	hip.shit	Sender’s Host Identity Tag
24	192	hip.rhit	Receiver’s Host Identity Tag
40	320	hip.parameters	HIP Parameters

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_HIP

Bases

TypedDict

HIP header [RFC 5201][RFC 7401].

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Header length.

type: pcapkit.const.hip.packet.Packet

Packet type.

version: Literal[1, 2]

Version.

chksum: bytes

Checksum.

control: DataType_Control

Controls.

shit: int

Sender’s host identity tag.

rhit: int

Receiver’s host identity tag.

parameters: Optional[Tuple[pcapkit.const.hip.parameter.Parameter]]

HIP parameters.

class DataType_Control

Bases

TypedDict

HIP controls.

anonymous: bool

Anonymous.

class DataType_Parameter

Bases

TypedDict

HIP parameters.

type: pcapkit.const.hip.parameter.Parameter

Parameter type.

critical: bool

Critical bit.

length: int

Length of contents.

HIP Unassigned Parameters

For HIP unassigned parameters as described in RFC 5201 and RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	para.type	Parameter Type
1	15	para.critical	Critical Bit
2	16	para.length	Length of Contents
4	32	para.contents	Contents Padding

class DataType_Param_Unassigned

Bases

DataType_Parameter

Structure of HIP unassigned parameters [RFC 5201][RFC 7401].

contents: bytes

Contents.

HIP ESP_INFO Parameter

For HIP ESP_INFO parameter as described in RFC 7402, its structure is described as below:

Octets	Bits	Name	Description
0	0	esp_info.type	Parameter Type
1	15	esp_info.critical	Critical Bit
2	16	esp_info.length	Length of Contents
4	32		Reserved
6	48	esp_info.index	KEYMAT Index
8	64	esp_info.old_spi	OLD SPI
12	96	esp_info.new_spi	NEW SPI

class DataType_Param_ESP_Info

Bases

DataType_Parameter

Structure of HIP ESP_INFO parameter [RFC 7402].

index: int

KEYMAT index.

old_spi: int

Old SPI.

new_spi: int

New SPI.

HIP R1_COUNTER Parameter

For HIP R1_COUNTER parameter as described in RFC 5201 and RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	ri_counter.type	Parameter Type
1	15	ri_counter.critical	Critical Bit
2	16	ri_counter.length	Length of Contents
4	32		Reserved
8	64	ri_counter.count	Generation of Valid Puzzles

class DataType_Param_R1_Counter

Bases

DataType_Parameter

Structure of HIP R1_COUNTER parameter [RFC 5201][RFC 7401].

count: int

Generation of valid puzzles.

HIP LOCATOR_SET Parameter

For HIP LOCATOR_SET parameter as described in RFC 8046, its structure is described as below:

Octets	Bits	Name	Description
0	0	locator_set.type	Parameter Type
1	15	locator_set.critical	Critical Bit
2	16	locator_set.length	Length of Contents
?	?	…	…
4	32	locator.traffic	Traffic Type
5	40	locator.type	Locator Type
6	48	locator.length	Locator Length
7	56		Reserved
7	63	locator.preferred	Preferred Locator
8	64	locator.lifetime	Locator Lifetime
12	96	locator.object	Locator
?	?	…	…

class DataType_Param_Locator_Set

Bases

DataType_Parameter

Structure of HIP LOCATOR_SET parameter [RFC 8046].

locator: Tuple[DataType_Locator]

Locator set.

class DataType_Locator

Bases

TypedDict

Locator.

traffic: int

Traffic type.

type: int

Locator type.

length: int

Locator length.

preferred: int

Preferred length.

lifetime: int

Locator lifetime.

object: DataType_Locator_Dict

Locator.

class DataType_Locator_Dict

Bases

TypedDict

Locator type 2.

spi: int

SPI.

ip: ipaddress.IPv4Address

HIP PUZZLE Parameter

For HIP PUZZLE parameter as described in RFC 5201 and RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	puzzle.type	Parameter Type
1	15	puzzle.critical	Critical Bit
2	16	puzzle.length	Length of Contents
4	32	puzzle.number	Number of Verified Bits
5	40	puzzle.lifetime	Lifetime
6	48	puzzle.opaque	Opaque
8	64	puzzle.random	Random Number

class DataType_Param_Puzzle

Bases

DataType_Parameter

Structure of HIP PUZZLE parameter [RFC 5201][RFC 7401].

number: int

Number of verified bits.

lifetime: int

Lifetime.

opaque: bytes

Opaque.

random: int

Random number.

HIP SOLUTION Parameter

For HIP SOLUTION parameter as described in RFC 5201 and RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	solution.type	Parameter Type
1	15	solution.critical	Critical Bit
2	16	solution.length	Length of Contents
4	32	solution.number	Number of Verified Bits
5	40	solution.lifetime	Lifetime
6	48	solution.opaque	Opaque
8	64	solution.random	Random Number
?	?	solution.solution	Puzzle Solution

class DataType_Param_Solution

Bases

DataType_Parameter

Structure of HIP SOLUTION parameter [RFC 5201][RFC 7401].

number: number

Number of verified bits.

lifetime: int

Lifetime.

opaque: bytes

Opaque.

random: int

Random number.

solution: int

Puzzle solution.

HIP SEQ Parameter

For HIP SEQ parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	seq.type	Parameter Type
1	15	seq.critical	Critical Bit
2	16	seq.length	Length of Contents
4	32	seq.id	Update ID

class DataType_Param_SEQ

Bases

DataType_Parameter

Structure of HIP SEQ parameter [RFC 7401].

id: int

Update ID.

HIP ACK Parameter

For HIP ACK parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	ack.type	Parameter Type
1	15	ack.critical	Critical Bit
2	16	ack.length	Length of Contents
4	32	ack.id	Peer Update ID

class DataType_Param_ACK

Bases

DataType_Parameter

id: Tuple[int]

Array of peer update IDs.

HIP DH_GROUP_LIST Parameter

For HIP DH_GROUP_LIST parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	dh_group_list.type	Parameter Type
1	15	dh_group_list.critical	Critical Bit
2	16	dh_group_list.length	Length of Contents
4	32	dh_group_list.id	DH GROUP ID

class DataType_Param_DH_Group_List

Bases

DataType_Parameter

Structure of HIP DH_GROUP_LIST parameter [RFC 7401].

id: Tuple[pcapkit.const.hip.group.Group]

Array of DH group IDs.

HIP DEFFIE_HELLMAN Parameter

For HIP DEFFIE_HELLMAN parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	diffie_hellman.type	Parameter Type
1	15	diffie_hellman.critical	Critical Bit
2	16	diffie_hellman.length	Length of Contents
4	32	diffie_hellman.id	Group ID
5	40	diffie_hellman.pub_len	Public Value Length
6	48	diffie_hellman.pub_val	Public Value
?	?		Padding

class DataType_Param_Deffie_Hellman

Bases

DataType_Parameter

Structure of HIP DEFFIE_HELLMAN parameter [RFC 7401].

id: pcapkit.const.hip.group.Group

Group ID.

pub_len: int

Public value length.

pub_val: bytes

Public value.

HIP HIP_TRANSFORM Parameter

For HIP HIP_TRANSFORM parameter as described in RFC 5201, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_transform.type	Parameter Type
1	15	hip_transform.critical	Critical Bit
2	16	hip_transform.length	Length of Contents
4	32	hip_transform.id	Group ID
?	?	…	…
?	?		Padding

class DataType_Param_Transform

Bases

DataType_Parameter

Structure of HIP HIP_TRANSFORM parameter [RFC 5201].

id: Tuple[pcapkit.const.hip.suite.Suite]

Array of group IDs.

HIP HIP_CIPHER Parameter

For HIP HIP_CIPHER parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_cipher.type	Parameter Type
1	15	hip_cipher.critical	Critical Bit
2	16	hip_cipher.length	Length of Contents
4	32	hip_cipher.id	Cipher ID
?	?	…	…
?	?		Padding

class DataType_Param_Cipher

Bases

DataType_Parameter

Structure of HIP HIP_CIPHER parameter [RFC 7401].

id: Tuple[pcapkit.const.hip.cipher.Cipher]

Array of cipher IDs.

HIP NAT_TRAVERSAL_MODE Parameter

For HIP NAT_TRAVERSAL_MODE parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	nat_traversal_mode.type	Parameter Type
1	15	nat_traversal_mode.critical	Critical Bit
2	16	nat_traversal_mode.length	Length of Contents
4	32		Reserved
6	48	nat_traversal_mode.id	Mode ID
?	?	…	…
?	?		Padding

class DataType_Param_NET_Traversal_Mode

Bases

DataType_Parameter

Structure of HIP NAT_TRAVERSAL_MODE parameter [RFC 5770].

id: Tuple[pcapkit.const.hip.nat_traversal.NETTraversal]

Array of mode IDs.

HIP TRANSACTION_PACING Parameter

For HIP TRANSACTION_PACING parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	transaction_pacing.type	Parameter Type
1	15	transaction_pacing.critical	Critical Bit
2	16	transaction_pacing.length	Length of Contents
4	32	transaction_pacing.min_ta	Min Ta

class DataType_Param_Transaction_Pacing

Bases

DataType_Parameter

Structure of HIP TRANSACTION_PACING parameter [RFC 5770].

min_ta: int

Min Ta.

HIP ENCRYPTED Parameter

For HIP ENCRYPTED parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	encrypted.type	Parameter Type
1	15	encrypted.critical	Critical Bit
2	16	encrypted.length	Length of Contents
4	32		Reserved
8	48	encrypted.iv	Initialization Vector
?	?	encrypted.data	Encrypted data
?	?		Padding

class DataType_Param_Encrypted

Bases

DataType_Parameter

Structure of HIP ENCRYPTED parameter [RFC 7401].

raw: bytes

Raw content data.

HIP HOST_ID Parameter

For HIP HOST_ID parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	host_id.type	Parameter Type
1	15	host_id.critical	Critical Bit
2	16	host_id.length	Length of Contents
4	32	host_id.id_len	Host Identity Length
6	48	host_id.di_type	Domain Identifier Type
6	52	host_id.di_len	Domain Identifier Length
8	64	host_id.algorithm	Algorithm
10	80	host_id.host_id	Host Identity
?	?	host_id.domain_id	Domain Identifier
?	?		Padding

class DataType_Param_Host_ID

Bases

DataType_Parameter

Structure of HIP HOST_ID parameter [RFC 7401].

id_len: int

Host identity length.

di_type: pcapkit.const.hip.di_type.DIType

Domain identifier type.

di_len: int

Domain identifier length.

algorithm: pcapkit.const.hip.hi_algorithm.HIAlgorithm

Algorithm.

host_id: Union[bytes, DataType_Host_ID_ECDSA_Curve, DataType_Host_ID_ECDSA_LOW_Curve]

Host identity.

domain_id: bytes

Domain identifier.

class DataType_Host_ID_ECDSA_Curve

Bases

TypedDict

Host identity data.

curve: pcapkit.const.hip.ecdsa_curve.ECDSACurve

ECDSA curve.

pubkey: bytes

Public key.

class DataType_Host_ID_ECDSA_LOW_Curve

Bases

TypedDict

Host identity data.

curve: pcapkit.const.hip.ecdsa_low_curve.ECDSALowCurve

ECDSA_Low curve.

pubkey: bytes

Public key.

HIP HIT_SUITE_LIST Parameter

For HIP HIT_SUITE_LIST parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hit_suite_list.type	Parameter Type
1	15	hit_suite_list.critical	Critical Bit
2	16	hit_suite_list.length	Length of Contents
4	32	hit_suite_list.id	HIT Suite ID
?	?	…	…
?	?		Padding

class DataType_Param_HIT_Suite_List

Bases

DataType_Parameter

Structure of HIP HIT_SUITE_LIST parameter [RFC 7401].

id: Tuple[pcapkit.const.hip.hit_suite.HITSuite]

Array of HIT suite IDs.

HIP CERT Parameter

For HIP CERT parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	cert.type	Parameter Type
1	15	cert.critical	Critical Bit
2	16	cert.length	Length of Contents
4	32	cert.group	CERT Group
5	40	cert.count	CERT Count
6	48	cert.id	CERT ID
7	56	cert.cert_type	CERT Type
8	64	cert.certificate	Certificate
?	?		Padding

class DataType_Param_Cert

Bases

DataType_Parameter

Structure of HIP CERT parameter [RFC 7401].

group: pcapkit.const.hip.group.Group

CERT group.

count: int

CERT count.

id: int

CERT ID.

cert_type: pcapkit.const.hip.certificate.Certificate

certificate: bytes

Certificate.

HIP NOTIFICATION Parameter

For HIP NOTIFICATION parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	notification.type	Parameter Type
1	15	notification.critical	Critical Bit
2	16	notification.length	Length of Contents
4	32		Reserved
6	48	notification.msg_type	Notify Message Type
8	64	notification.data	Notification Data
?	?		Padding

class DataType_Param_Notification

Bases

DataType_Parameter

Structure of HIP NOTIFICATION parameter [RFC 7401].

msg_type: pcapkit.const.hip.notify_message.NotifyMessage

Notify message type.

data: bytes

Notification data.

HIP ECHO_REQUEST_SIGNED Parameter

For HIP ECHO_REQUEST_SIGNED parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	echo_request_signed.type	Parameter Type
1	15	echo_request_signed.critical	Critical Bit
2	16	echo_request_signed.length	Length of Contents
4	32	echo_request_signed.data	Opaque Data

class DataType_Param_Echo_Request_Signed

Bases

DataType_Parameter

Structure of HIP ECHO_REQUEST_SIGNED parameter [RFC 7401].

data: bytes

Opaque data.

HIP REG_INFO Parameter

For HIP REG_INFO parameter as described in RFC 8003, its structure is described as below:

Octets	Bits	Name	Description
0	0	reg_info.type	Parameter Type
1	15	reg_info.critical	Critical Bit
2	16	reg_info.length	Length of Contents
4	32	reg_info.lifetime	Lifetime
4	32	reg_info.lifetime.min	Min Lifetime
5	40	reg_info.lifetime.max	Max Lifetime
6	48	reg_info.reg_type	Reg Type
?	?	…	…
?	?		Padding

class DataType_Param_Reg_Info

Bases

DataType_Parameter

Structure of HIP REG_INFO parameter [RFC 8003].

lifetime: DataType_Lifetime

Lifetime.

reg_type: Tuple[pcapkit.const.hip.registration.Registration]

Array of registration type.

class DataType_Lifetime

Bases

NamedTuple

Lifetime.

min: int

Minimum lifetime.

maz: int

Maximum lifetime.

HIP REG_REQUEST Parameter

For HIP REG_REQUEST parameter as described in RFC 8003, its structure is described as below:

Octets	Bits	Name	Description
0	0	reg_request.type	Parameter Type
1	15	reg_request.critical	Critical Bit
2	16	reg_request.length	Length of Contents
4	32	reg_request.lifetime	Lifetime
4	32	reg_request.lifetime.min	Min Lifetime
5	40	reg_request.lifetime.max	Max Lifetime
6	48	reg_request.reg_type	Reg Type
?	?	…	…
?	?		Padding

class DataType_Param_Reg_Request

Bases

DataType_Parameter

Structure of HIP REG_REQUEST parameter [RFC 8003].

lifetime: DataType_Lifetime

Lifetime.

reg_type: Tuple[pcapkit.const.hip.registration.Registration]

Array of registration type.

HIP REG_RESPONSE Parameter

For HIP REG_RESPONSE parameter as described in RFC 8003, its structure is described as below:

Octets	Bits	Name	Description
0	0	reg_response.type	Parameter Type
1	15	reg_response.critical	Critical Bit
2	16	reg_response.length	Length of Contents
4	32	reg_response.lifetime	Lifetime
4	32	reg_response.lifetime.min	Min Lifetime
5	40	reg_response.lifetime.max	Max Lifetime
6	48	reg_response.reg_type	Reg Type
?	?	…	…
?	?		Padding

class DataType_Param_Reg_Response

Bases

DataType_Parameter

Structure of HIP REG_RESPONSE parameter [RFC 8003].

lifetime: DataType_Lifetime

Lifetime.

reg_type: Tuple[pcapkit.const.hip.registration.Registration]

Array of registration type.

HIP REG_FAILED Parameter

For HIP REG_FAILED parameter as described in RFC 8003, its structure is described as below:

Octets	Bits	Name	Description
0	0	reg_failed.type	Parameter Type
1	15	reg_failed.critical	Critical Bit
2	16	reg_failed.length	Length of Contents
4	32	reg_failed.lifetime	Lifetime
4	32	reg_failed.lifetime.min	Min Lifetime
5	40	reg_failed.lifetime.max	Max Lifetime
6	48	reg_failed.reg_type	Reg Type
?	?	…	…
?	?		Padding

class DataType_Param_Reg_Failed

Bases

DataType_Parameter

Structure of HIP REG_FAILED parameter [RFC 8003].

lifetime: DataType_Lifetime

Lifetime.

reg_type: Tuple[pcapkit.const.hip.registration.Registration]

Array of registration type.

HIP REG_FROM Parameter

For HIP REG_FROM parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	reg_from.type	Parameter Type
1	15	reg_from.critical	Critical Bit
2	16	reg_from.length	Length of Contents
4	32	reg_from.port	Port
6	48	reg_from.protocol	Protocol
7	56		Reserved
8	64	reg_from.ip	Address (IPv6)

class DataType_Param_Reg_From

Bases

DataType_Parameter

Structure of HIP REG_FROM parameter [RFC 5770].

port: int

Port.

protocol: pcapkit.const.reg.transtype.TransType

Protocol.

ip: ipaddress.IPv6Address

IPv6 address.

HIP ECHO_RESPONSE_SIGNED Parameter

For HIP ECHO_RESPONSE_SIGNED parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	echo_response_signed.type	Parameter Type
1	15	echo_response_signed.critical	Critical Bit
2	16	echo_response_signed.length	Length of Contents
4	32	echo_response_signed.data	Opaque Data

class DataType_Param_Echo_Response_Signed

Bases

DataType_Parameter

Structure of HIP ECHO_RESPONSE_SIGNED parameter [RFC 7401].

data: bytes

Opaque data.

HIP TRANSPORT_FORMAT_LIST Parameter

For HIP TRANSPORT_FORMAT_LIST parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	transport_format_list.type	Parameter Type
1	15	transport_format_list.critical	Critical Bit
2	16	transport_format_list.length	Length of Contents
4	32	transport_format_list.tf_type	TF Type
?	?	…	…
?	?		Padding

class DataType_Param_Transform_Format_List

Bases

DataType_Parameter

Structure of HIP TRANSPORT_FORMAT_LIST parameter [RFC 7401].

tf_type: Tuple[int]

Array of TF types.

HIP ESP_TRANSFORM Parameter

For HIP ESP_TRANSFORM parameter as described in RFC 7402, its structure is described as below:

Octets	Bits	Name	Description
0	0	esp_transform.type	Parameter Type
1	15	esp_transform.critical	Critical Bit
2	16	esp_transform.length	Length of Contents
4	32		Reserved
6	48	esp_transform.id	Suite ID
?	?	…	…
?	?		Padding

class DataType_Param_ESP_Transform

Bases

DataType_Parameter

Structure of HIP ESP_TRANSFORM parameter [RFC 7402].

id: Tuple[pcapkit.const.hip.esp_transform_suite.ESPTransformSuite]

Array of suite IDs.

HIP SEQ_DATA Parameter

For HIP SEQ_DATA parameter as described in RFC 6078, its structure is described as below:

Octets	Bits	Name	Description
0	0	seq_data.type	Parameter Type
1	15	seq_data.critical	Critical Bit
2	16	seq_data.length	Length of Contents
4	32	seq_data.seq	Sequence number

class DataType_Param_SEQ_Data

Bases

DataType_Parameter

Structure of HIP SEQ_DATA parameter [RFC 6078].

seq: int

Sequence number.

HIP ACK_DATA Parameter

For HIP ACK_DATA parameter as described in RFC 6078, its structure is described as below:

Octets	Bits	Name	Description
0	0	ack_data.type	Parameter Type
1	15	ack_data.critical	Critical Bit
2	16	ack_data.length	Length of Contents
4	32	ack_data.ack	Acked Sequence number

class DataType_Param_ACK_Data

Bases

DataType_Parameter

Structure of HIP ACK_DATA parameter [RFC 6078].

ack: Tuple[int]

Array of ACKed sequence number.

HIP PAYLOAD_MIC Parameter

For HIP PAYLOAD_MIC parameter as described in RFC 6078, its structure is described as below:

Octets	Bits	Name	Description
0	0	payload_mic.type	Parameter Type
1	15	payload_mic.critical	Critical Bit
2	16	payload_mic.length	Length of Contents
4	32	payload_mic.next	Next Header
5	40		Reserved
8	64	payload_mic.data	Payload Data
12	96	payload_mic.value	MIC Value
?	?		Padding

class DataType_Param_Payload_MIC

Bases

DataType_Parameter

Structure of HIP PAYLOAD_MIC parameter [RFC 6078].

next: pcapkit.const.reg.transtype.TransType

Next header.

data: bytes

Payload data.

value: bytes

MIC value.

HIP TRANSACTION_ID Parameter

For HIP TRANSACTION_ID parameter as described in RFC 6078, its structure is described as below:

Octets	Bits	Name	Description
0	0	transaction_id.type	Parameter Type
1	15	transaction_id.critical	Critical Bit
2	16	transaction_id.length	Length of Contents
4	32	transaction_id.id	Identifier

class DataType_Param_Transaction_ID

Bases

DataType_Parameter

Structure of HIP TRANSACTION_ID parameter [RFC 6078].

id: int

Identifier.

HIP OVERLAY_ID Parameter

For HIP OVERLAY_ID parameter as described in RFC 6079, its structure is described as below:

Octets	Bits	Name	Description
0	0	overlay_id.type	Parameter Type
1	15	overlay_id.critical	Critical Bit
2	16	overlay_id.length	Length of Contents
4	32	overlay_id.id	Identifier

class DataType_Param_Overlay_ID

Bases

DataType_Parameter

Structure of HIP OVERLAT_ID parameter [RFC 6079].

id: int

Identifier.

HIP ROUTE_DST Parameter

For HIP ROUTE_DST parameter as described in RFC 6079, its structure is described as below:

Octets	Bits	Name	Description
0	0	route_dst.type	Parameter Type
1	15	route_dst.critical	Critical Bit
2	16	route_dst.length	Length of Contents
4	32	route_dst.flags	Flags
4	32	route_dst.flags.symmetric	SYMMETRIC [RFC 6028]
4	33	route_dst.flags.must_follow	MUST_FOLLOW [RFC 6028]
6	48		Reserved
8	64	route_dst.ip	HIT
?	?	…	…

class DataType_Param_Route_Dst

Bases

DataType_Parameter

Structure of HIP ROUTE_DST parameter [RFC 6028].

flags: DataType_Flags

Flags.

ip: Tuple[ipaddress.IPv6Address]

Array of HIT addresses.

class DataType_Flags

Bases

TypedDict

Flags.

symmetric: bool

SYMMETRIC flag [RFC 6028].

must_follow: bool

MUST_FOLLOW flag [RFC 6028].

HIP HIP_TRANSPORT_MODE Parameter

For HIP HIP_TRANSPORT_MODE parameter as described in RFC 6261, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_transport_mode.type	Parameter Type
1	15	hip_transport_mode.critical	Critical Bit
2	16	hip_transport_mode.length	Length of Contents
4	32	hip_transport_mode.port	Port
6	48	hip_transport_mode.id	Mode ID
?	?	…	…
?	?		Padding

class DataType_Param_Transport_Mode

Bases

DataType_Parameter

Structure of HIP HIP_TRANSPORT_MODE parameter [RFC 6261].

port: int

Port.

id: Tuple[pcapkit.const.hip.transport.Transport]

Array of transport mode IDs.

HIP HIP_MAC Parameter

For HIP HIP_MAC parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_mac.type	Parameter Type
1	15	hip_mac.critical	Critical Bit
2	16	hip_mac.length	Length of Contents
4	32	hip_mac.hmac	HMAC
?	?		Padding

class DataType_Param_HMAC

Bases

DataType_Parameter

Structure of HIP HIP_MAC parameter [RFC 7401].

hmac: bytes

HMAC.

HIP HIP_MAC_2 Parameter

For HIP HIP_MAC_2 parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_mac_2.type	Parameter Type
1	15	hip_mac_2.critical	Critical Bit
2	16	hip_mac_2.length	Length of Contents
4	32	hip_mac_2.hmac	HMAC
?	?		Padding

class DataType_Param_HMAC_2

Bases

DataType_Parameter

Structure of HIP HIP_MAC_2 parameter [RFC 7401].

hmac: bytes

HMAC.

HIP HIP_SIGNATURE_2 Parameter

For HIP HIP_SIGNATURE_2 parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_signature_2.type	Parameter Type
1	15	hip_signature_2.critical	Critical Bit
2	16	hip_signature_2.length	Length of Contents
4	32	hip_signature_2.algorithm	SIG Algorithm
6	48	hip_signature_2.signature	Signature
?	?		Padding

class DataType_Param_Signature_2

Bases

DataType_Parameter

Structure of HIP HIP_SIGNATURE_2 parameter [RFC 7401].

algorithm: pcapkit.const.hip.hi_algorithm.HIAlgorithm

SIG algorithm.

signature: bytes

Signature.

HIP HIP_SIGNATURE Parameter

For HIP HIP_SIGNATURE parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	hip_signature.type	Parameter Type
1	15	hip_signature.critical	Critical Bit
2	16	hip_signature.length	Length of Contents
4	32	hip_signature.algorithm	SIG Algorithm
6	48	hip_signature.signature	Signature
?	?		Padding

class DataType_Param_Signature

Bases

DataType_Parameter

Structure of HIP HIP_SIGNATURE parameter [RFC 7401].

algorithm: pcapkit.const.hip.hi_algorithm.HIAlgorithm

SIG algorithm.

signature: bytes

Signature.

HIP ECHO_REQUEST_UNSIGNED Parameter

For HIP ECHO_REQUEST_UNSIGNED parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	echo_request_unsigned.type	Parameter Type
1	15	echo_request_unsigned.critical	Critical Bit
2	16	echo_request_unsigned.length	Length of Contents
4	32	echo_request_unsigned.data	Opaque Data

class DataType_Param_Echo_Request_Unsigned

Bases

DataType_Parameter

Structure of HIP ECHO_REQUEST_UNSIGNED parameter [RFC 7401].

data: bytes

Opaque data.

HIP ECHO_RESPONSE_UNSIGNED Parameter

For HIP ECHO_RESPONSE_UNSIGNED parameter as described in RFC 7401, its structure is described as below:

Octets	Bits	Name	Description
0	0	echo_response_unsigned.type	Parameter Type
1	15	echo_response_unsigned.critical	Critical Bit
2	16	echo_response_unsigned.length	Length of Contents
4	32	echo_response_unsigned.data	Opaque Data

class DataType_Param_Echo_Response_Unsigned

Bases

DataType_Parameter

Structure of HIP ECHO_RESPONSE_UNSIGNED parameter [RFC 7401].

data: bytes

Opaque data.

HIP RELAY_FROM Parameter

For HIP RELAY_FROM parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	relay_from.type	Parameter Type
1	15	relay_from.critical	Critical Bit
2	16	relay_from.length	Length of Contents
4	32	relay_from.port	Port
6	48	relay_from.protocol	Protocol
7	56		Reserved
8	64	relay_from.ip	Address (IPv6)

class DataType_Param_Relay_From

Bases

DataType_Parameter

Structure of HIP RELAY_FROM parameter [RFC 5770].

port: int

Port.

protocol: pcapkit.const.reg.transtype.TransType

Protocol.

ip: ipaddress.IPv6Address

IPv6 address.

HIP RELAY_TO Parameter

For HIP RELAY_TO parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	relay_to.type	Parameter Type
1	15	relay_to.critical	Critical Bit
2	16	relay_to.length	Length of Contents
4	32	relay_to.port	Port
6	48	relay_to.protocol	Protocol
7	56		Reserved
8	64	relay_to.ip	Address (IPv6)

class DataType_Param_Relay_To

Bases

DataType_Parameter

Structure of HIP RELAY_TO parameter [RFC 5770].

port: in

Port.

protocol: pcapkit.const.reg.transtype.TransType

Protocol.

ip: ipaddress.IPv6Address

IPv6 address.

HIP OVERLAY_TTL Parameter

For HIP OVERLAY_TTL parameter as described in RFC 6078, its structure is described as below:

Octets	Bits	Name	Description
0	0	overlay_ttl.type	Parameter Type
1	15	overlay_ttl.critical	Critical Bit
2	16	overlay_ttl.length	Length of Contents
4	32	overlay_ttl.ttl	TTL
6	48		Reserved

class DataType_Param_Overlay_TTL

Bases

DataType_Parameter

ttl: int

TTL.

HIP ROUTE_VIA Parameter

For HIP ROUTE_VIA parameter as described in RFC 6028, its structure is described as below:

Octets	Bits	Name	Description
0	0	route_via.type	Parameter Type
1	15	route_via.critical	Critical Bit
2	16	route_via.length	Length of Contents
4	32	route_via.flags	Flags
4	32	route_via.flags.symmetric	SYMMETRIC [RFC 6028]
4	33	route_via.flags.must_follow	MUST_FOLLOW [RFC 6028]
6	48		Reserved
8	64	route_dst.ip	HIT
?	?	…	…

class DataType_Param_Route_Via

Bases

DataType_Parameter

Structure of HIP ROUTE_VIA parameter [RFC 6028].

flags: DataType_Flags

Flags.

ip: Tuple[ipaddress.IPv6Address]

Array of HITs.

HIP FROM Parameter

For HIP FROM parameter as described in RFC 8004, its structure is described as below:

Octets	Bits	Name	Description
0	0	from.type	Parameter Type
1	15	from.critical	Critical Bit
2	16	from.length	Length of Contents
4	32	from.ip	Address

class DataType_Param_From

Bases

DataType_Parameter

Structure of HIP FROM parameter [RFC 8004].

ip: ipaddress.IPv6Address

IPv6 address.

HIP RVS_HMAC Parameter

For HIP RVS_HMAC parameter as described in RFC 8004, its structure is described as below:

Octets	Bits	Name	Description
0	0	rvs_hmac.type	Parameter Type
1	15	rvs_hmac.critical	Critical Bit
2	16	rvs_hmac.length	Length of Contents
4	32	rvs_hmac.hmac	HMAC
?	?		Padding

class DataType_Param_RVS_HMAC

Bases

DataType_Parameter

Structure of HIP RVS_HMAC parameter [RFC 8004].

hmac: bytes

HMAC.

HIP VIA_RVS Parameter

For HIP VIA_RVS parameter as described in RFC 6028, its structure is described as below:

Octets	Bits	Name	Description
0	0	via_rvs.type	Parameter Type
1	15	via_rvs.critical	Critical Bit
2	16	via_rvs.length	Length of Contents
4	32	via_rvs.ip	Address
?	?	…	…

class DataType_Param_Via_RVS

Bases

DataType_Parameter

Structure of HIP VIA_RVS parameter [RFC 6028].

ip: Tuple[ipaddress.IPv6]

Array of IPv6 addresses.

HIP RELAY_HMAC Parameter

For HIP RELAY_HMAC parameter as described in RFC 5770, its structure is described as below:

Octets	Bits	Name	Description
0	0	relay_hmac.type	Parameter Type
1	15	relay_hmac.critical	Critical Bit
2	16	relay_hmac.length	Length of Contents
4	32	relay_hmac.hmac	HMAC
?	?		Padding

class DataType_Param_Relay_HMAC

Bases

DataType_Parameter

hmac: bytes

HMAC.

---

*

https://en.wikipedia.org/wiki/Host_Identity_Protocol

HOPOPT - IPv6 Hop-by-Hop Options

pcapkit.protocols.internet.hopopt contains HOPOPT only, which implements extractor for IPv6 Hop-by-Hop Options header (HOPOPT) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.next	Next Header
1	8	hopopt.length	Header Extensive Length
2	16	hopopt.options	Options

pcapkit.protocols.internet.hopopt._HOPOPT_ACT: Dict[str, str]

HOPOPT unknown option actions.

Code	Action
00	skip over this option and continue processing the header
01	discard the packet
10	discard the packet and, regardless of whether or not the packet’s Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type
11	discard the packet and, only if the packet’s Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type

pcapkit.protocols.internet.hopopt._HOPOPT_OPT: Dict[int, Tuple[str, str]]

HOPOPT options.

Code	Acronym	Option	Reference
0x00	pad	Pad1	[RFC 8200] 0
0x01	pad	PadN	[RFC 8200]
0x04	tun	Tunnel Encapsulation Limit	[RFC 2473] 1
0x05	ra	Router Alert	[RFC 2711] 2
0x07	calipso	Common Architecture Label IPv6 Security Option	[RFC 5570]
0x08	smf_dpd	Simplified Multicast Forwarding	[RFC 6621]
0x0F	pdm	Performance and Diagnostic Metrics	[RFC 8250] 10
0x26	qs	Quick-Start	[RFC 4782][RFC Errata 2034] 6
0x63	rpl	Routing Protocol for Low-Power and Lossy Networks	[RFC 6553]
0x6D	mpl	Multicast Protocol for Low-Power and Lossy Networks	[RFC 7731]
0x8B	ilnp	Identifier-Locator Network Protocol Nonce	[RFC 6744]
0x8C	lio	Line-Identification Option	[RFC 6788]
0xC2	jumbo	Jumbo Payload	[RFC 2675]
0xC9	home	Home Address	[RFC 6275]
0xEE	ip_dff	Depth-First Forwarding	[RFC 6971]

pcapkit.protocols.internet.hopopt._HOPOPT_NULL: Dict[int, str]

HOPOPT unknown option descriptions.

Code	Description	Reference
0x1E	RFC3692-style Experiment	[RFC 4727]
0x3E	RFC3692-style Experiment	[RFC 4727]
0x4D	Deprecated	[RFC 7731]
0x5E	RFC3692-style Experiment	[RFC 4727]
0x7E	RFC3692-style Experiment	[RFC 4727]
0x8A	Endpoint Identification	DEPRECATED
0x9E	RFC3692-style Experiment	[RFC 4727]
0xBE	RFC3692-style Experiment	[RFC 4727]
0xDE	RFC3692-style Experiment	[RFC 4727]
0xFE	RFC3692-style Experiment	[RFC 4727]

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.internet.hopopt.DataType_HOPOPT

Bases

TypedDict

Structure of HOPOPT header [RFC 8200].

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Header extensive length.

options: Tuple[pcapkit.const.ipv6.option.Option]

Array of option acronyms.

packet: bytes

Packet data.

class pcapkit.protocols.internet.hopopt.DataType_Option

Bases

TypedDict

HOPOPT option.

desc: str

Option description.

type: DataType_Option_Type

Option type.

length: int

Option length.

Note

This attribute is NOT the length specified in the HOPOPT optiona data, rather the total length of the current option.

HOPOPT Option Type

For HOPOPT option type field as described in RFC 791, its structure is described as below:

Octets	Bits	Name	Descriptions
0	0	hopopt.opt.type.value	Option Number
0	0	hopopt.opt.type.action	Action (00-11)
0	2	hopopt.opt.type.change	Change Flag (0/1)

class pcapkit.protocols.internet.hopopt.DataType_Option_Type

Bases

TypedDict

Structure of option type field [RFC 791].

value: int

Option number.

action: str

Action.

change: bool

Change flag.

HOPOPT Unassigned Options

For HOPOPT unassigned options as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.opt.type	Option Type
0	0	hopopt.opt.type.value	Option Number
0	0	hopopt.opt.type.action	Action (00-11)
0	2	hopopt.opt.type.change	Change Flag (0/1)
1	8	hopopt.opt.length	Length of Option Data
2	16	hopopt.opt.data	Option Data

class pcapkit.protocols.internet.hopopt.DataType_Opt_None

Bases

DataType_Option

Structure of HOPOPT unassigned options [RFC 8200].

data: bytes

Option data.

HOPOPT Padding Options

Pad1 Option

For HOPOPT Pad1 option as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.pad.type	Option Type
0	0	hopopt.pad.type.value	Option Number
0	0	hopopt.pad.type.action	Action (00)
0	2	hopopt.pad.type.change	Change Flag (0)

class pcapkit.protocols.internet.hopopt.DataType_Opt_Pad1

Bases

DataType_Option

Structure of HOPOPT padding options [RFC 8200].

length: Literal[1]

Option length.

PadN Option

For HOPOPT PadN option as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.pad.type	Option Type
0	0	hopopt.pad.type.value	Option Number
0	0	hopopt.pad.type.action	Action (00)
0	2	hopopt.pad.type.change	Change Flag (0)
1	8	hopopt.opt.length	Length of Option Data
2	16	hopopt.pad.padding	Padding

class pcapkit.protocols.internet.hopopt.DataType_Opt_PadN

Bases

DataType_Option

Structure of HOPOPT padding options [RFC 8200].

padding: bytes

Padding data.

HOPOPT Tunnel Encapsulation Limit Option

For HOPOPT Tunnel Encapsulation Limit option as described in RFC 2473, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.tun.type	Option Type
0	0	hopopt.tun.type.value	Option Number
0	0	hopopt.tun.type.action	Action (00)
0	2	hopopt.tun.type.change	Change Flag (0)
1	8	hopopt.tun.length	Length of Option Data
2	16	hopopt.tun.limit	Tunnel Encapsulation Limit

class pcapkit.protocols.internet.hopopt.DataType_Opt_TUN

Bases

DataType_Option

Structure of HOPOPT Tunnel Encapsulation Limit option [RFC 2473].

limit: int

Tunnel encapsulation limit.

HOPOPT Router Alert Option

For HOPOPT Router Alert option as described in RFC 2711, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.ra.type	Option Type
0	0	hopopt.ra.type.value	Option Number
0	0	hopopt.ra.type.action	Action (00)
0	2	hopopt.ra.type.change	Change Flag (0)
1	8	hopopt.opt.length	Length of Option Data
2	16	hopopt.ra.value	Value

class pcapkit.protocols.internet.hopopt.DataType_Opt_RA

Bases

DataType_Option

Structure of HOPOPT Router Alert option [RFC 2711].

value: int

Router alert code value.

alert: pcapkit.const.ipv6.router_alter.RouterAlert

Router alert enumeration.

HOPOPT CALIPSO Option

For HOPOPT CALIPSO option as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.calipso.type	Option Type
0	0	hopopt.calipso.type.value	Option Number
0	0	hopopt.calipso.type.action	Action (00)
0	2	hopopt.calipso.type.change	Change Flag (0)
1	8	hopopt.calipso.length	Length of Option Data
2	16	hopopt.calipso.domain	CALIPSO Domain of Interpretation
6	48	hopopt.calipso.cmpt_len	Cmpt Length
7	56	hopopt.calipso.level	Sens Level
8	64	hopopt.calipso.chksum	Checksum (CRC-16)
9	72	hopopt.calipso.bitmap	Compartment Bitmap

class pcapkit.protocols.internet.hopopt.DataType_Opt_CALIPSO

Bases

DataType_Option

Structure of HOPOPT CALIPSO option [RFC 5570].

domain: int

CALIPSO domain of interpretation.

cmpt_len: int

Compartment length.

level: int

Sene level.

chksum: bytes

Checksum (CRC-16).

bitmap: Tuple[str]

Compartment bitmap.

HOPOPT SMF_DPD Option

I-DPD Mode

For IPv6 SMF_DPD option header in I-DPD mode as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.smf_dpd.type	Option Type
0	0	hopopt.smf_dpd.type.value	Option Number
0	0	hopopt.smf_dpd.type.action	Action (00)
0	2	hopopt.smf_dpd.type.change	Change Flag (0)
1	8	hopopt.smf_dpd.length	Length of Option Data
2	16	hopopt.smf_dpd.dpd_type	DPD Type (0)
2	17	hopopt.smf_dpd.tid_type	TaggerID Type
2	20	hopopt.smf_dpd.tid_len	TaggerID Length
3	24	hopopt.smf_dpd.tid	TaggerID
?	?	hopopt.smf_dpd.id	Identifier

class pcapkit.protocols.internet.hopopt.DataType_Opt_SMF_I_PDP

Bases

DataType_Option

Structure of HOPOPT SMF_DPD option in I-DPD mode [RFC 5570].

dpd_type: Literal['I-DPD']

DPD type.

tid_type: pcapkit.const.ipv6.tagger_id.TaggerID

TaggerID type.

tid_len: int

TaggerID length.

tid: int

TaggerID.

id: bytes

Identifier.

H-DPD Mode

For IPv6 SMF_DPD option header in H-DPD mode as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.smf_dpd.type	Option Type
0	0	hopopt.smf_dpd.type.value	Option Number
0	0	hopopt.smf_dpd.type.action	Action (00)
0	2	hopopt.smf_dpd.type.change	Change Flag (0)
1	8	hopopt.smf_dpd.length	Length of Option Data
2	16	hopopt.smf_dpd.dpd_type	DPD Type (1)
2	17	hopopt.smf_dpd.hav	Hash Assist Value

class pcapkit.protocols.internet.hopopt.DataType_Opt_SMF_H_PDP

Bases

DataType_Option

Structure of HOPOPT SMF_DPD option in H-DPD mode [RFC 5570].

dpd_type: Literal['H-DPD']

DPD type.

hav: str

Hash assist value (as binary string).

HOPOPT PDM Option

For HOPOPT PDM option as described in RFC 8250, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.pdm.type	Option Type
0	0	hopopt.pdm.type.value	Option Number
0	0	hopopt.pdm.type.action	Action (00)
0	2	hopopt.pdm.type.change	Change Flag (0)
1	8	hopopt.pdm.length	Length of Option Data
2	16	hopopt.pdm.scaledtlr	Scale Delta Time Last Received
3	24	hopopt.pdm.scaledtls	Scale Delta Time Last Sent
4	32	hopopt.pdm.psntp	Packet Sequence Number This Packet
6	48	hopopt.pdm.psnlr	Packet Sequence Number Last Received
8	64	hopopt.pdm.deltatlr	Delta Time Last Received
10	80	hopopt.pdm.deltatls	Delta Time Last Sent

class pcapkit.protocols.internet.hopopt.DataType_Opt_PDM

Bases

DataType_Option

Structure of HOPOPT PDM option [RFC 8250].

scaledtlr: datetime.timedelta

Scale delta time last received.

scaledtls: datetime.timedelta

Scale delta time last sent.

psntp: int

Packet sequence number this packet.

psnlr: int

Packet sequence number last received.

deltatlr: datetime.timedelta

Delta time last received.

deltatls: datetime.timedelta

Delta time last sent.

HOPOPT Quick Start Option

For HOPOPT Quick Start option as described in RFC 4782, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.qs.type	Option Type
0	0	hopopt.qs.type.value	Option Number
0	0	hopopt.qs.type.action	Action (00)
0	2	hopopt.qs.type.change	Change Flag (1)
1	8	hopopt.qs.length	Length of Option Data
2	16	hopopt.qs.func	Function (0/8)
2	20	hopopt.qs.rate	Rate Request / Report (in Kbps)
3	24	hopopt.qs.ttl	QS TTL / None
4	32	hopopt.qs.nounce	QS Nounce
7	62		Reserved

class pcapkit.protocols.internet.hopopt.DataType_Opt_QS

Bases

DataType_Option

Structure of HOPOPT Quick Start option [RFC 8250].

func: pcapkit.const.ipv6.qs_function.QSFunction

Function.

rate: float

Rate request and/or report (in Kbps).

ttl: Optional[int]

QS TTL.

nounce: int

QS nounce.

HOPOPT RPL Option

For HOPOPT RPL option as described in RFC 6553, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.rpl.type	Option Type
0	0	hopopt.rpl.type.value	Option Number
0	0	hopopt.rpl.type.action	Action (01)
0	2	hopopt.rpl.type.change	Change Flag (1)
1	8	hopopt.rpl.length	Length of Option Data
2	16	hopopt.rpl.flags	RPL Option Flags
2	16	hopopt.rpl.flags.down	Down Flag
2	17	hopopt.rpl.flags.rank_error	Rank-Error Flag
2	18	hopopt.rpl.flags.fwd_error	Forwarding-Error Flag
3	24	hopopt.rpl.id	RPL Instance ID
4	32	hopopt.rpl.rank	SenderRank
6	48	hopopt.rpl.data	Sub-TLVs

class pcapkit.protocols.internet.hopopt.DataType_Opt_RPL

Bases

DataType_Option

Structure of HOPOPT RPL option [RFC 6553].

flags: DataType_RPL_Flags

RPL option flags.

id: int

RPL instance ID.

rank: int

Sender rank.

data: Optional[bytes]

Sub-TLVs (if hopopt.rpl.length is GREATER THAN 4).

class pcapkit.protocols.internet.hopopt.DataType_RPL_Flags

Bases

TypedDict

RPL option flags.

down: bool

Down flag.

rank_error: bool

Rank-Error flag.

fwd_error: bool

Forwarding-Error flag.

HOPOPT MPL Option

For HOPOPT MPL option as described in RFC 7731, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.mpl.type	Option Type
0	0	hopopt.mpl.type.value	Option Number
0	0	hopopt.mpl.type.action	Action (01)
0	2	hopopt.mpl.type.change	Change Flag (1)
1	8	hopopt.mpl.length	Length of Option Data
2	16	hopopt.mpl.seed_len	Seed-ID Length
2	18	hopopt.mpl.flags	MPL Option Flags
2	18	hopopt.mpl.max	Maximum SEQ Flag
2	19	hopopt.mpl.verification	Verification Flag
2	20		Reserved
3	24	hopopt.mpl.seq	Sequence
4	32	hopopt.mpl.seed_id	Seed-ID

class pcapkit.protocols.internet.hopopt.DataType_Opt_MPL

Bases

DataType_Option

Structure of HOPOPT MPL option [RFC 7731].

seed_len: pcapkit.const.ipv6.seed_id.SeedID

Seed-ID length.

flags: DataType_MPL_Flags

MPL option flags.

seq: int

Sequence.

seed_id: Optional[int]

Seed-ID.

class pcapkit.protocols.internet.hopopt.DataType_MPL_Flags

Bases

TypedDict

MPL option flags.

max: bool

Maximum sequence flag.

verification: bool

Verification flag.

HOPOPT ILNP Nounce Option

For HOPOPT ILNP Nounce option as described in RFC 6744, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.ilnp.type	Option Type
0	0	hopopt.ilnp.type.value	Option Number
0	0	hopopt.ilnp.type.action	Action (10)
0	2	hopopt.ilnp.type.change	Change Flag (0)
1	8	hopopt.ilnp.length	Length of Option Data
2	16	hopopt.ilnp.value	Nonce Value

class pcapkit.protocols.internet.hopopt.DataType_Opt_ILNP

Bases

DataType_Option

Structure of HOPOPT ILNP Nonce option [RFC 6744].

value: bytes

Nonce value.

HOPOPT Line-Identification Option

For HOPOPT Line-Identification option as described in RFC 6788, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.lio.type	Option Type
0	0	hopopt.lio.type.value	Option Number
0	0	hopopt.lio.type.action	Action (10)
0	2	hopopt.lio.type.change	Change Flag (0)
1	8	hopopt.lio.length	Length of Option Data
2	16	hopopt.lio.lid_len	Line ID Length
3	24	hopopt.lio.lid	Line ID

class pcapkit.protocols.internet.hopopt.DataType_Opt_LIO

Bases

DataType_Option

Structure of HOPOPT Line-Identification option [RFC 6788].

lid_len: int

Line ID length.

lid: bytes

Line ID.

HOPOPT Jumbo Payload Option

For HOPOPT Jumbo Payload option as described in RFC 2675, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.jumbo.type	Option Type
0	0	hopopt.jumbo.type.value	Option Number
0	0	hopopt.jumbo.type.action	Action (11)
0	2	hopopt.jumbo.type.change	Change Flag (0)
1	8	hopopt.jumbo.length	Length of Option Data
2	16	hopopt.jumbo.payload_len	Jumbo Payload Length

class pcapkit.protocols.internet.hopopt.DataType_Opt_Jumbo

Bases

DataType_Option

Structure of HOPOPT Jumbo Payload option [RFC 2675].

payload_len: int

Jumbo payload length.

HOPOPT Home Address Option

For HOPOPT Home Address option as described in RFC 6275, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.home.type	Option Type
0	0	hopopt.home.type.value	Option Number
0	0	hopopt.home.type.action	Action (11)
0	2	hopopt.home.type.change	Change Flag (0)
1	8	hopopt.home.length	Length of Option Data
2	16	hopopt.home.ip	Home Address

class pcapkit.protocols.internet.hopopt.DataType_Opt_Home

Bases

DataType_Option

Structure of HOPOPT Home Address option [RFC 6275].

ip: ipaddress.IPv6Address

Home address.

HOPOPT IP_DFF Option

For HOPOPT IP_DFF option as described in RFC 6971, its structure is described as below:

Octets	Bits	Name	Description
0	0	hopopt.ip_dff.type	Option Type
0	0	hopopt.ip_dff.type.value	Option Number
0	0	hopopt.ip_dff.type.action	Action (11)
0	2	hopopt.ip_dff.type.change	Change Flag (1)
1	8	hopopt.ip_dff.length	Length of Option Data
2	16	hopopt.ip_dff.version	Version
2	18	hopopt.ip_dff.flags	Flags
2	18	hopopt.ip_dff.flags.dup	DUP Flag
2	19	hopopt.ip_dff.flags.ret	RET Flag
2	20		Reserved
3	24	hopopt.ip_dff.seq	Sequence Number

class pcapkit.protocols.internet.hopopt.DataType_Opt_IP_DFF

Bases

DataType_Option

Structure of HOPOPT IP_DFF option [RFC 6971].

version: int

Version.

flags: DataType_IP_DFF_Flags

Flags.

seq: int

Sequence number.

class pcapkit.protocols.internet.hopopt.DataType_IP_DFF_Flags

Bases

TypedDict

Flags.

dup: bool

DUP flag.

ret: bool

RET flag.

---

*

https://en.wikipedia.org/wiki/IPv6_packet#Hop-by-hop_options_and_destination_options

IP - Internet Protocol

pcapkit.protocols.internet.ip contains IP only, which is a base class for Internet Protocol (IP) protocol family *, eg. IPv4, IPv6, and IPsec.

---

*

https://en.wikipedia.org/wiki/Internet_Protocol

IPsec - Internet Protocol Security

pcapkit.protocols.internet.ipsec contains IPsec only, which is a base class for Internet Protocol Security (IPsec) protocol family *, eg. AH and ESP †.

---

*

https://en.wikipedia.org/wiki/IPsec

†

ESP is currently NOT implemented.

IPv4 - Internet Protocol version 4

pcapkit.protocols.internet.ipv4 contains IPv4 only, which implements extractor for Internet Protocol version 4 (IPv4) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	ip.version	Version (4)
0	4	ip.hdr_len	Internal Header Length (IHL)
1	8	ip.dsfield.dscp	Differentiated Services Code Point (DSCP)
1	14	ip.dsfield.ecn	Explicit Congestion Notification (ECN)
2	16	ip.len	Total Length
4	32	ip.id	Identification
6	48		Reserved Bit (must be \x00)
6	49	ip.flags.df	Don’t Fragment (DF)
6	50	ip.flags.mf	More Fragments (MF)
6	51	ip.frag_offset	Fragment Offset
8	64	ip.ttl	Time To Live (TTL)
9	72	ip.proto	Protocol (Transport Layer)
10	80	ip.checksum	Header Checksum
12	96	ip.src	Source IP Address
16	128	ip.dst	Destination IP Address
20	160	ip.options	IP Options (if IHL > 5)

pcapkit.protocols.internet.ipv4.IPv4_OPT: DataType_IPv4_OPT

IPv4 option dict parsing mapping.

copy	class	number	kind	length	process	name
0	0	0	0			[RFC 791] End of Option List
0	0	1	1			[RFC 791] No-Operation
0	0	7	7	?	2	[RFC 791] Record Route
0	0	11	11	4	1	[RFC 1063][RFC 1191] MTU Probe
0	0	12	12	4	1	[RFC 1063][RFC 1191] MTU Reply
0	0	25	25	8	3	[RFC 4782] Quick-Start
0	2	4	68	?	4	[RFC 791] Time Stamp
0	2	18	82	?	5	[RFC 1393][RFC 6814] Traceroute
1	0	2	130	?	6	[RFC 1108] Security
1	0	3	131	?	2	[RFC 791] Loose Source Route
1	0	5	133	?	6	[RFC 1108] Extended Security
1	0	8	136	4	1	[RFC 791][RFC 6814] Stream ID
1	0	9	137	?	2	[RFC 791] Strict Source Route
1	0	17	145	?	0	[RFC 1385][RFC 6814] Ext. Inet. Protocol
1	0	20	148	4	7	[RFC 2113] Router Alert

See also

pcapkit.protocols.internet.ipv4.DataType_IPv4_OPT

pcapkit.protocols.internet.ipv4.process_opt: Dict[int, Callable[[pcapkit.protocols.internet.ipv4.IPv4, int, int], DataType_Opt]]

Process method for IPv4 options.

Code	Method	Description
0	_read_mode_donone()	do nothing
1	_read_mode_unpack()	unpack according to size
2	_read_mode_route()	unpack route data options
3	_read_mode_qs()	unpack Quick-Start
4	_read_mode_ts()	unpack Time Stamp
5	_read_mode_tr()	unpack Traceroute
6	_read_mode_sec()	unpack (Extended) Security
7	_read_mode_rsralt()	unpack Router Alert

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.internet.ipv4.DataType_IPv4

Bases

TypedDict

Structure of IPv4 header [RFC 791].

version: Literal[4]

Version (4).

hdr_len: int

Internal header length (IHL).

dsfield: DataType_DS_Field

Type of services.

len: int

Total length.

id: int

Identification.

flags: DataType_IPv4_Flags

Flags.

frag_offset: int

Fragment offset.

ttl: int

Time to live (TTL).

proto: pcapkit.const.reg.transtype.TransType

Protocol (transport layer).

checksum: bytes

Header checksum.

src: ipaddress.IPv4Address

Source IP address.

dst: ipaddress.IPv4Address

Destination IP address.

opt: Tuple[pcapkit.const.ipv4.option_number.OptionNumber]

Tuple of option acronyms.

packet: bytes

Rase packet data.

class pcapkit.protocols.internet.ipv4.DataType_DS_Field

Bases

TypedDict

IPv4 DS fields.

dscp: DataType_IPv4_DSCP

Differentiated services code point (DSCP).

ecn: pcapkit.const.ipv4.tos_ecn.ToSECN

Explicit congestion notification (ECN).

class pcapkit.protocols.internet.ipv4.DataType_IPv4_DSCP

Bases

TypedDict

Differentiated services code point (DSCP).

pre: pcapkit.const.ipv4.tos_pre.ToSPrecedence

ToS precedence.

del: pcapkit.const.ipv4.tos_del.ToSDelay

ToS delay.

thr: pcapkit.const.ipv4.tos_thr.ToSThroughput

ToS throughput.

rel: pcapkit.const.ipv4.tos_rel.ToSReliability

ToS reliability.

class pcapkit.protocols.internet.ipv4.DataType_IPv4_Flags

Bases

TypedDict

IPv4 flags.

df: bool

Dont’s fragment (DF).

mf: bool

More fragments (MF).

class pcapkit.protocols.internet.ipv4.DataType_Opt

Bases

TypedDict

IPv4 option data.

kind: int

Option kind.

type: DataType_IPv4_Option_Type

Option type info.

length: int

Option length.

class pcapkit.protocols.internet.ipv4.DataType_IPv4_OPT

Bases

TypedDict

IPv4 option dict parsing mapping.

flag: bool

If the length of option is GREATER THAN 1.

desc: str

Description string, also attribute name.

proc: Optional[int]

Process method that data bytes need (when flag is True).

See also

pcapkit.protocols.internet.ipv4.process_opt

IPv4 Option Type

For IPv4 option type field as described in RFC 791, its structure is described as below:

Octets	Bits	Name	Descriptions
0	0	ip.opt.type.copy	Copied Flag (0/1)
0	1	ip.opt.type.class	Option Class (0-3)
0	3	ip.opt.type.number	Option Number

class pcapkit.protocols.internet.ipv4.DataType_IPv4_Option_Type

Bases

TypedDict

Structure of option type field [RFC 791].

copy: bool

Copied flag.

class: pcapkit.const.ipv4.option_class.OptionClass

Option class.

number: int

Option number.

IPv4 Miscellaneous Options

1-Byte Options

class pcapkit.protocols.internet.ipv4.DataType_Opt_1_Byte

Bases

DataType_Opt

1-byte options.

length: Literal[1]

Option length.

Permission Options

class pcapkit.protocols.internet.ipv4.DataType_Opt_Permission

Bases

DataType_Opt

Permission options (length is 2).

length: Literal[2]

Option length.

flag: Literal[True]

Permission flag.

No Process Options

For IPv4 options require no process, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.opt.kind	Kind
0	0	ip.opt.type.copy	Copied Flag
0	1	ip.opt.type.class	Option Class
0	3	ip.opt.type.number	Option Number
1	8	ip.opt.length	Length
2	16	ip.opt.data	Kind-specific Data

class pcapkit.protocols.internet.ipv4.DataType_Opt_Do_None

Bases

DataType_Opt

Structure of IPv4 options.

data: bytes

Kind-specific data.

Unpack Process Options

For IPv4 options require unpack process, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.opt.kind	Kind
0	0	ip.opt.type.copy	Copied Flag
0	1	ip.opt.type.class	Option Class
0	3	ip.opt.type.number	Option Number
1	8	ip.opt.length	Length
2	16	ip.opt.data	Kind-specific Data

class pcapkit.protocols.internet.ipv4.DataType_Opt_Unpack

Bases

DataType_Opt

Structure of IPv4 options.

data: int

Kind-specific data.

IPv4 Options with Route Data

For IPv4 options with route data as described in RFC 791, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.opt.kind	Kind (7/131/137)
0	0	ip.opt.type.copy	Copied Flag (0)
0	1	ip.opt.type.class	Option Class (0/1)
0	3	ip.opt.type.number	Option Number (3/7/9)
1	8	ip.opt.length	Length
2	16	ip.opt.pointer	Pointer (≥4)
3	24	ip.opt.data	Route Data

class pcapkit.protocols.internet.ipv4.DataType_Opt_Route_Data

Bases

DataType_Opt

Structure of IPv4 options with route data [RFC 791].

pointer: int

Pointer.

data: Optional[Tuple[ipaddress.IPv4Address]]

Route data.

IPv4 Quick Start Options

For IPv4 Quick Start options as described in RFC 4782, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.qs.kind	Kind (25)
0	0	ip.qs.type.copy	Copied Flag (0)
0	1	ip.qs.type.class	Option Class (0)
0	3	ip.qs.type.number	Option Number (25)
1	8	ip.qs.length	Length (8)
2	16	ip.qs.func	Function (0/8)
2	20	ip.qs.rate	Rate Request / Report (in Kbps)
3	24	ip.qs.ttl	QS TTL / None
4	32	ip.qs.nounce	QS Nounce
7	62		Reserved (\x00\x00)

class pcapkit.protocols.internet.ipv4.DataType_Opt_QuickStart

Bases

DataType_Opt

Structure of Quick-Start (QS) option [RFC 4782].

func: pcapkit.const.ipv4.qs_function.QSFunction

Function.

rate: int

Rate request / report (in Kbps).

ttl: Optional[int]

QS TTL.

nounce: int

QS nounce.

IPv4 Time Stamp Option

For IPv4 Time Stamp option as described in RFC 791, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.ts.kind	Kind (25)
0	0	ip.ts.type.copy	Copied Flag (0)
0	1	ip.ts.type.class	Option Class (0)
0	3	ip.ts.type.number	Option Number (25)
1	8	ip.ts.length	Length (≤40)
2	16	ip.ts.pointer	Pointer (≥5)
3	24	ip.ts.overflow	Overflow Octets
3	28	ip.ts.flag	Flag
4	32	ip.ts.ip	Internet Address
8	64	ip.ts.timestamp	Timestamp

class pcapkit.protocols.internet.ipv4.DataType_Opt_TimeStamp

Bases

DataType_Opt

Structure of Timestamp (TS) option [RFC 791].

pointer: int

Pointer.

overflow: int

Overflow octets.

flag: int

Flag.

ip: Optional[Tuple[ipaddress.IPv4Address]]

Array of Internet addresses (if flag is 1/3).

timestamp: Optional[Tuple[datetime.datetime]]

Array of timestamps (if flag is 0/1/3).

data: Optional[bytes]

Timestamp data (if flag is unknown).

IPv4 Traceroute Option

For IPv4 Traceroute option as described in RFC 6814, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.tr.kind	Kind (82)
0	0	ip.tr.type.copy	Copied Flag (0)
0	1	ip.tr.type.class	Option Class (0)
0	3	ip.tr.type.number	Option Number (18)
1	8	ip.tr.length	Length (12)
2	16	ip.tr.id	ID Number
4	32	ip.tr.ohc	Outbound Hop Count
6	48	ip.tr.rhc	Return Hop Count
8	64	ip.tr.ip	Originator IP Address

class pcapkit.protocols.internet.ipv4.DataType_Opt_Traceroute

Bases

DataType_Opt

Structure of Traceroute (TR) option [RFC 6814].

id: int

ID number.

ohc: int

Outbound hop count.

rhc: int

Return hop count.

ip: ipaddress.IPv4Address

Originator IP address.

IPv4 Options with Security Info

For IPv4 options with security info as described in RFC 1108, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.sec.kind	Kind (130/133)
0	0	ip.sec.type.copy	Copied Flag (1)
0	1	ip.sec.type.class	Option Class (0)
0	3	ip.sec.type.number	Option Number (2)
1	8	ip.sec.length	Length (≥3)
2	16	ip.sec.level	Classification Level
3	24	ip.sec.flags	Protection Authority Flags

class pcapkit.protocols.internet.ipv4.DataType_Opt_Security_Info

Bases

DataType_Opt

Structure of IPv4 options with security info [RFC 791].

level: pcapkit.const.ipv4.classification_level.ClassificationLevel

Classification level.

flags: Tuple[DataType_SEC_Flags]

Array of protection authority flags.

class pcapkit.protocols.internet.ipv4.DataType_SEC_Flags

Bases

pcapkit.corekit.infoclass.Info

Protection authority flags, as mapping of protection authority bit assignments enumeration and bool flags.

IPv4 Traceroute Option

For IPv4 Router Alert option as described in RFC 2113, its structure is described as below:

Octets	Bits	Name	Description
0	0	ip.rsralt.kind	Kind (148)
0	0	ip.rsralt.type.copy	Copied Flag (1)
0	1	ip.rsralt.type.class	Option Class (0)
0	3	ip.rsralt.type.number	Option Number (20)
1	8	ip.rsralt.length	Length (4)
2	16	ip.rsralt.alert	Alert
2	16	ip.rsralt.code	Alert Code

class pcapkit.protocols.internet.ipv4.DataType_Opt_RouterAlert

Bases

DataType_Opt

Structure of Router Alert (RTRALT) option [RFC 2113].

alert: pcapkit.const.ipv4.router_alert.RouterAlert

Alert.

code: int

Alert code.

---

*

https://en.wikipedia.org/wiki/IPv4

IPv6-Frag - Fragment Header for IPv6

pcapkit.protocols.internet.ipv6_frag contains IPv6_Frag only, which implements extractor for Fragment Header for IPv6 (IPv6-Frag) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	frag.next	Next Header
1	8		Reserved
2	16	frag.offset	Fragment Offset
3	29		Reserved
3	31	frag.mf	More Flag
4	32	frag.id	Identification

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_IPv6_Frag

Bases

TypedDict

Structure of IPv6-Frag header [RFC 8200].

next: pcapkit.const.reg.transtype.TransType

Next header.

offset: int

Fragment offset.

mf: bool

More flag.

id: int

Identification.

---

*

https://en.wikipedia.org/wiki/IPv6_packet#Fragment

IPv6-Opts - Destination Options for IPv6

pcapkit.protocols.internet.ipv6_opts contains IPv6_Opts only, which implements extractor for Destination Options for IPv6 (IPv6-Opts) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	opt.next	Next Header
1	8	opt.length	Header Extensive Length
2	16	opt.options	Options

pcapkit.protocols.internet.ipv6_opts._IPv6_Opts_ACT: Dict[str, str]

IPv6-Opts unknown option actions.

Code	Action
00	skip over this option and continue processing the header
01	discard the packet
10	discard the packet and, regardless of whether or not the packet’s Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type
11	discard the packet and, only if the packet’s Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet’s Source Address, pointing to the unrecognized Option Type

pcapkit.protocols.internet.ipv6_opts._IPv6_Opts_OPT: Dict[int, Tuple[str, str]]

IPv6-Opts options.

Code	Acronym	Option	Reference
0x00	pad	Pad1	[RFC 8200] 0
0x01	pad	PadN	[RFC 8200]
0x04	tun	Tunnel Encapsulation Limit	[RFC 2473] 1
0x05	ra	Router Alert	[RFC 2711] 2
0x07	calipso	Common Architecture Label IPv6 Security Option	[RFC 5570]
0x08	smf_dpd	Simplified Multicast Forwarding	[RFC 6621]
0x0F	pdm	Performance and Diagnostic Metrics	[RFC 8250] 10
0x26	qs	Quick-Start	[RFC 4782][RFC Errata 2034] 6
0x63	rpl	Routing Protocol for Low-Power and Lossy Networks	[RFC 6553]
0x6D	mpl	Multicast Protocol for Low-Power and Lossy Networks	[RFC 7731]
0x8B	ilnp	Identifier-Locator Network Protocol Nonce	[RFC 6744]
0x8C	lio	Line-Identification Option	[RFC 6788]
0xC2	jumbo	Jumbo Payload	[RFC 2675]
0xC9	home	Home Address	[RFC 6275]
0xEE	ip_dff	Depth-First Forwarding	[RFC 6971]

pcapkit.protocols.internet.ipv6_opts._IPv6_Opts_NULL: Dict[int, str]

IPv6-Opts unknown option descriptions.

Code	Description	Reference
0x1E	RFC3692-style Experiment	[RFC 4727]
0x3E	RFC3692-style Experiment	[RFC 4727]
0x4D	Deprecated	[RFC 7731]
0x5E	RFC3692-style Experiment	[RFC 4727]
0x7E	RFC3692-style Experiment	[RFC 4727]
0x8A	Endpoint Identification	DEPRECATED
0x9E	RFC3692-style Experiment	[RFC 4727]
0xBE	RFC3692-style Experiment	[RFC 4727]
0xDE	RFC3692-style Experiment	[RFC 4727]
0xFE	RFC3692-style Experiment	[RFC 4727]

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.internet.ipv6_opts.DataType_IPv6_Opts

Bases

TypedDict

Structure of IPv6-Opts header [RFC 8200].

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Header extensive length.

options: Tuple[pcapkit.const.ipv6.option.Option]

Array of option acronyms.

packet: bytes

Packet data.

class pcapkit.protocols.internet.ipv6_opts.DataType_Option

Bases

TypedDict

IPv6_Opts option.

desc: str

Option description.

type: DataType_IPv6_Opts_Option_Type

Option type.

length: int

Option length.

Note

This attribute is NOT the length specified in the IPv6-Opts optiona data, rather the total length of the current option.

IPv6-Opts Option Type

For IPv6-Opts option type field as described in RFC 791, its structure is described as below:

Octets	Bits	Name	Descriptions
0	0	ipv6_opts.opt.type.value	Option Number
0	0	ipv6_opts.opt.type.action	Action (00-11)
0	2	ipv6_opts.opt.type.change	Change Flag (0/1)

class pcapkit.protocols.internet.ipv6_opts.DataType_IPv6_Opts_Option_Type

Bases

TypedDict

Structure of option type field [RFC 791].

value: int

Option number.

action: str

Action.

change: bool

Change flag.

IPv6-Opts Unassigned Options

For IPv6-Opts unassigned options as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.opt.type	Option Type
0	0	ipv6_opts.opt.type.value	Option Number
0	0	ipv6_opts.opt.type.action	Action (00-11)
0	2	ipv6_opts.opt.type.change	Change Flag (0/1)
1	8	ipv6_opts.opt.length	Length of Option Data
2	16	ipv6_opts.opt.data	Option Data

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_None

Bases

DataType_Option

Structure of IPv6-Opts unassigned options [RFC 8200].

data: bytes

Option data.

IPv6-Opts Padding Options

Pad1 Option

For IPv6-Opts Pad1 option as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.pad.type	Option Type
0	0	ipv6_opts.pad.type.value	Option Number
0	0	ipv6_opts.pad.type.action	Action (00)
0	2	ipv6_opts.pad.type.change	Change Flag (0)

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_Pad1

Bases

DataType_Option

Structure of IPv6-Opts padding options [RFC 8200].

length: Literal[1]

Option length.

PadN Option

For IPv6-Opts PadN option as described in RFC 8200, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.pad.type	Option Type
0	0	ipv6_opts.pad.type.value	Option Number
0	0	ipv6_opts.pad.type.action	Action (00)
0	2	ipv6_opts.pad.type.change	Change Flag (0)
1	8	ipv6_opts.opt.length	Length of Option Data
2	16	ipv6_opts.pad.padding	Padding

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_PadN

Bases

DataType_Option

Structure of IPv6-Opts padding options [RFC 8200].

padding: bytes

Padding data.

IPv6-Opts Tunnel Encapsulation Limit Option

For IPv6-Opts Tunnel Encapsulation Limit option as described in RFC 2473, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.tun.type	Option Type
0	0	ipv6_opts.tun.type.value	Option Number
0	0	ipv6_opts.tun.type.action	Action (00)
0	2	ipv6_opts.tun.type.change	Change Flag (0)
1	8	ipv6_opts.tun.length	Length of Option Data
2	16	ipv6_opts.tun.limit	Tunnel Encapsulation Limit

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_TUN

Bases

DataType_Option

Structure of IPv6-Opts Tunnel Encapsulation Limit option [RFC 2473].

limit: int

Tunnel encapsulation limit.

IPv6-Opts Router Alert Option

For IPv6-Opts Router Alert option as described in RFC 2711, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.ra.type	Option Type
0	0	ipv6_opts.ra.type.value	Option Number
0	0	ipv6_opts.ra.type.action	Action (00)
0	2	ipv6_opts.ra.type.change	Change Flag (0)
1	8	ipv6_opts.opt.length	Length of Option Data
2	16	ipv6_opts.ra.value	Value

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_RA

Bases

DataType_Option

Structure of IPv6-Opts Router Alert option [RFC 2711].

value: int

Router alert code value.

alert: pcapkit.const.ipv6.router_alter.RouterAlert

Router alert enumeration.

IPv6-Opts CALIPSO Option

For IPv6-Opts CALIPSO option as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.calipso.type	Option Type
0	0	ipv6_opts.calipso.type.value	Option Number
0	0	ipv6_opts.calipso.type.action	Action (00)
0	2	ipv6_opts.calipso.type.change	Change Flag (0)
1	8	ipv6_opts.calipso.length	Length of Option Data
2	16	ipv6_opts.calipso.domain	CALIPSO Domain of Interpretation
6	48	ipv6_opts.calipso.cmpt_len	Cmpt Length
7	56	ipv6_opts.calipso.level	Sens Level
8	64	ipv6_opts.calipso.chksum	Checksum (CRC-16)
9	72	ipv6_opts.calipso.bitmap	Compartment Bitmap

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_CALIPSO

Bases

DataType_Option

Structure of IPv6-Opts CALIPSO option [RFC 5570].

domain: int

CALIPSO domain of interpretation.

cmpt_len: int

Compartment length.

level: int

Sene level.

chksum: bytes

Checksum (CRC-16).

bitmap: Tuple[str]

Compartment bitmap.

IPv6-Opts SMF_DPD Option

I-DPD Mode

For IPv6 SMF_DPD option header in I-DPD mode as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.smf_dpd.type	Option Type
0	0	ipv6_opts.smf_dpd.type.value	Option Number
0	0	ipv6_opts.smf_dpd.type.action	Action (00)
0	2	ipv6_opts.smf_dpd.type.change	Change Flag (0)
1	8	ipv6_opts.smf_dpd.length	Length of Option Data
2	16	ipv6_opts.smf_dpd.dpd_type	DPD Type (0)
2	17	ipv6_opts.smf_dpd.tid_type	TaggerID Type
2	20	ipv6_opts.smf_dpd.tid_len	TaggerID Length
3	24	ipv6_opts.smf_dpd.tid	TaggerID
?	?	ipv6_opts.smf_dpd.id	Identifier

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_SMF_I_PDP

Bases

DataType_Option

Structure of IPv6-Opts SMF_DPD option in I-DPD mode [RFC 5570].

dpd_type: Literal['I-DPD']

DPD type.

tid_type: pcapkit.const.ipv6.tagger_id.TaggerID

TaggerID type.

tid_len: int

TaggerID length.

tid: int

TaggerID.

id: bytes

Identifier.

H-DPD Mode

For IPv6 SMF_DPD option header in H-DPD mode as described in RFC 5570, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.smf_dpd.type	Option Type
0	0	ipv6_opts.smf_dpd.type.value	Option Number
0	0	ipv6_opts.smf_dpd.type.action	Action (00)
0	2	ipv6_opts.smf_dpd.type.change	Change Flag (0)
1	8	ipv6_opts.smf_dpd.length	Length of Option Data
2	16	ipv6_opts.smf_dpd.dpd_type	DPD Type (1)
2	17	ipv6_opts.smf_dpd.hav	Hash Assist Value

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_SMF_H_PDP

Bases

DataType_Option

Structure of IPv6-Opts SMF_DPD option in H-DPD mode [RFC 5570].

dpd_type: Literal['H-DPD']

DPD type.

hav: str

Hash assist value (as binary string).

IPv6-Opts PDM Option

For IPv6-Opts PDM option as described in RFC 8250, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.pdm.type	Option Type
0	0	ipv6_opts.pdm.type.value	Option Number
0	0	ipv6_opts.pdm.type.action	Action (00)
0	2	ipv6_opts.pdm.type.change	Change Flag (0)
1	8	ipv6_opts.pdm.length	Length of Option Data
2	16	ipv6_opts.pdm.scaledtlr	Scale Delta Time Last Received
3	24	ipv6_opts.pdm.scaledtls	Scale Delta Time Last Sent
4	32	ipv6_opts.pdm.psntp	Packet Sequence Number This Packet
6	48	ipv6_opts.pdm.psnlr	Packet Sequence Number Last Received
8	64	ipv6_opts.pdm.deltatlr	Delta Time Last Received
10	80	ipv6_opts.pdm.deltatls	Delta Time Last Sent

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_PDM

Bases

DataType_Option

Structure of IPv6-Opts PDM option [RFC 8250].

scaledtlr: datetime.timedelta

Scale delta time last received.

scaledtls: datetime.timedelta

Scale delta time last sent.

psntp: int

Packet sequence number this packet.

psnlr: int

Packet sequence number last received.

deltatlr: datetime.timedelta

Delta time last received.

deltatls: datetime.timedelta

Delta time last sent.

IPv6-Opts Quick Start Option

For IPv6-Opts Quick Start option as described in RFC 4782, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.qs.type	Option Type
0	0	ipv6_opts.qs.type.value	Option Number
0	0	ipv6_opts.qs.type.action	Action (00)
0	2	ipv6_opts.qs.type.change	Change Flag (1)
1	8	ipv6_opts.qs.length	Length of Option Data
2	16	ipv6_opts.qs.func	Function (0/8)
2	20	ipv6_opts.qs.rate	Rate Request / Report (in Kbps)
3	24	ipv6_opts.qs.ttl	QS TTL / None
4	32	ipv6_opts.qs.nounce	QS Nounce
7	62		Reserved

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_QS

Bases

DataType_Option

Structure of IPv6-Opts Quick Start option [RFC 8250].

func: pcapkit.const.ipv6.qs_function.QSFunction

Function.

rate: float

Rate request and/or report (in Kbps).

ttl: Optional[int]

QS TTL.

nounce: int

QS nounce.

IPv6-Opts RPL Option

For IPv6-Opts RPL option as described in RFC 6553, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.rpl.type	Option Type
0	0	ipv6_opts.rpl.type.value	Option Number
0	0	ipv6_opts.rpl.type.action	Action (01)
0	2	ipv6_opts.rpl.type.change	Change Flag (1)
1	8	ipv6_opts.rpl.length	Length of Option Data
2	16	ipv6_opts.rpl.flags	RPL Option Flags
2	16	ipv6_opts.rpl.flags.down	Down Flag
2	17	ipv6_opts.rpl.flags.rank_error	Rank-Error Flag
2	18	ipv6_opts.rpl.flags.fwd_error	Forwarding-Error Flag
3	24	ipv6_opts.rpl.id	RPL Instance ID
4	32	ipv6_opts.rpl.rank	SenderRank
6	48	ipv6_opts.rpl.data	Sub-TLVs

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_RPL

Bases

DataType_Option

Structure of IPv6-Opts RPL option [RFC 6553].

flags: DataType_RPL_Flags

RPL option flags.

id: int

RPL instance ID.

rank: int

Sender rank.

data: Optional[bytes]

Sub-TLVs (if ipv6_opts.rpl.length is GREATER THAN 4).

class pcapkit.protocols.internet.ipv6_opts.DataType_RPL_Flags

Bases

TypedDict

RPL option flags.

down: bool

Down flag.

rank_error: bool

Rank-Error flag.

fwd_error: bool

Forwarding-Error flag.

IPv6-Opts MPL Option

For IPv6-Opts MPL option as described in RFC 7731, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.mpl.type	Option Type
0	0	ipv6_opts.mpl.type.value	Option Number
0	0	ipv6_opts.mpl.type.action	Action (01)
0	2	ipv6_opts.mpl.type.change	Change Flag (1)
1	8	ipv6_opts.mpl.length	Length of Option Data
2	16	ipv6_opts.mpl.seed_len	Seed-ID Length
2	18	ipv6_opts.mpl.flags	MPL Option Flags
2	18	ipv6_opts.mpl.max	Maximum SEQ Flag
2	19	ipv6_opts.mpl.verification	Verification Flag
2	20		Reserved
3	24	ipv6_opts.mpl.seq	Sequence
4	32	ipv6_opts.mpl.seed_id	Seed-ID

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_MPL

Bases

DataType_Option

Structure of IPv6-Opts MPL option [RFC 7731].

seed_len: pcapkit.const.ipv6.seed_id.SeedID

Seed-ID length.

flags: DataType_MPL_Flags

MPL option flags.

seq: int

Sequence.

seed_id: Optional[int]

Seed-ID.

class pcapkit.protocols.internet.ipv6_opts.DataType_MPL_Flags

Bases

TypedDict

MPL option flags.

max: bool

Maximum sequence flag.

verification: bool

Verification flag.

IPv6-Opts ILNP Nounce Option

For IPv6-Opts ILNP Nounce option as described in RFC 6744, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.ilnp.type	Option Type
0	0	ipv6_opts.ilnp.type.value	Option Number
0	0	ipv6_opts.ilnp.type.action	Action (10)
0	2	ipv6_opts.ilnp.type.change	Change Flag (0)
1	8	ipv6_opts.ilnp.length	Length of Option Data
2	16	ipv6_opts.ilnp.value	Nonce Value

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_ILNP

Bases

DataType_Option

Structure of IPv6-Opts ILNP Nonce option [RFC 6744].

value: bytes

Nonce value.

IPv6-Opts Line-Identification Option

For IPv6-Opts Line-Identification option as described in RFC 6788, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.lio.type	Option Type
0	0	ipv6_opts.lio.type.value	Option Number
0	0	ipv6_opts.lio.type.action	Action (10)
0	2	ipv6_opts.lio.type.change	Change Flag (0)
1	8	ipv6_opts.lio.length	Length of Option Data
2	16	ipv6_opts.lio.lid_len	Line ID Length
3	24	ipv6_opts.lio.lid	Line ID

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_LIO

Bases

DataType_Option

Structure of IPv6-Opts Line-Identification option [RFC 6788].

lid_len: int

Line ID length.

lid: bytes

Line ID.

IPv6-Opts Jumbo Payload Option

For IPv6-Opts Jumbo Payload option as described in RFC 2675, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.jumbo.type	Option Type
0	0	ipv6_opts.jumbo.type.value	Option Number
0	0	ipv6_opts.jumbo.type.action	Action (11)
0	2	ipv6_opts.jumbo.type.change	Change Flag (0)
1	8	ipv6_opts.jumbo.length	Length of Option Data
2	16	ipv6_opts.jumbo.payload_len	Jumbo Payload Length

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_Jumbo

Bases

DataType_Option

Structure of IPv6-Opts Jumbo Payload option [RFC 2675].

payload_len: int

Jumbo payload length.

IPv6-Opts Home Address Option

For IPv6-Opts Home Address option as described in RFC 6275, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.home.type	Option Type
0	0	ipv6_opts.home.type.value	Option Number
0	0	ipv6_opts.home.type.action	Action (11)
0	2	ipv6_opts.home.type.change	Change Flag (0)
1	8	ipv6_opts.home.length	Length of Option Data
2	16	ipv6_opts.home.ip	Home Address

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_Home

Bases

DataType_Option

Structure of IPv6-Opts Home Address option [RFC 6275].

ip: ipaddress.IPv6Address

Home address.

IPv6-Opts IP_DFF Option

For IPv6-Opts IP_DFF option as described in RFC 6971, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipv6_opts.ip_dff.type	Option Type
0	0	ipv6_opts.ip_dff.type.value	Option Number
0	0	ipv6_opts.ip_dff.type.action	Action (11)
0	2	ipv6_opts.ip_dff.type.change	Change Flag (1)
1	8	ipv6_opts.ip_dff.length	Length of Option Data
2	16	ipv6_opts.ip_dff.version	Version
2	18	ipv6_opts.ip_dff.flags	Flags
2	18	ipv6_opts.ip_dff.flags.dup	DUP Flag
2	19	ipv6_opts.ip_dff.flags.ret	RET Flag
2	20		Reserved
3	24	ipv6_opts.ip_dff.seq	Sequence Number

class pcapkit.protocols.internet.ipv6_opts.DataType_Dest_Opt_IP_DFF

Bases

DataType_Option

Structure of IPv6-Opts IP_DFF option [RFC 6971].

version: int

Version.

flags: DataType_IP_DFF_Flags

Flags.

seq: int

Sequence number.

class pcapkit.protocols.internet.ipv6_opts.DataType_IP_DFF_Flags

Bases

TypedDict

Flags.

dup: bool

DUP flag.

ret: bool

RET flag.

---

*

https://en.wikipedia.org/wiki/IPv6_packet#Hop-by-hop_options_and_destination_options

IPv6-Route - Routing Header for IPv6

pcapkit.protocols.internet.ipv6_route contains IPv6_Route only, which implements extractor for Routing Header for IPv6 (IPv6-Route) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	route.next	Next Header
1	8	route.length	Header Extensive Length
2	16	route.type	Routing Type
3	24	route.seg_left	Segments Left
4	32	route.data	Type-Specific Data

pcapkit.protocols.internet.ipv6_route._ROUTE_PROC: Dict[int, str]

IPv6 routing processors.

Code	Processor	Note
0	_read_data_type_src()	[RFC 5095] DEPRECATED
2	_read_data_type_2()	[RFC 6275]
3	_read_data_type_rpl()	[RFC 6554]

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.internet.ipv6_route.DataType_IPv6_Route

Structure of IPv6-Route header [RFC 8200][RFC 5095].

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Header extensive length.

type: pcapkit.const.ipv6.routing.Routing

Routing type.

seg_left: int

Segments left.

packet: bytes

Raw packet data.

IPv6-Route Unknown Type

For IPv6-Route unknown type data as described in RFC 8200 and RFC 5095, its structure is described as below:

Octets	Bits	Name	Description
0	0	route.next	Next Header
1	8	route.length	Header Extensive Length
2	16	route.type	Routing Type
3	24	route.seg_left	Segments Left
4	32	route.data	Type-Specific Data

class pcapkit.protocols.internet.ipv6_route.DataType_IPv6_Route_None

Bases

TypedDict

Structure of IPv6-Route unknown type data [RFC 8200][RFC 5095].

data: bytes

Type-specific data.

IPv6-Route Source Route

For IPv6-Route Source Route data as described in RFC 5095, its structure is described as below:

Octets	Bits	Name	Description
0	0	route.next	Next Header
1	8	route.length	Header Extensive Length
2	16	route.type	Routing Type
3	24	route.seg_left	Segments Left
4	32		Reserved
8	64	route.ip	Address

class pcapkit.protocols.internet.ipv6_route.DataType_IPv6_Route_Source

Bases

TypedDict

Structure of IPv6-Route Source Route data [RFC 5095].

ip: Tuple[ipaddress.IPv6Address]

Array of IPv6 addresses.

IPv6-Route Type 2

For IPv6-Route Type 2 data as described in RFC 6275, its structure is described as below:

Octets	Bits	Name	Description
0	0	route.next	Next Header
1	8	route.length	Header Extensive Length
2	16	route.type	Routing Type
3	24	route.seg_left	Segments Left
4	32		Reserved
8	64	route.ip	Home Address

class pcapkit.protocols.internet.ipv6_route.DataType_IPv6_Route_2

Bases

TypedDict

Structure of IPv6-Route Type 2 data [RFC 6275].

ip: ipaddress.IPv6Address

Home IPv6 addresses.

IPv6-Route RPL Source

For IPv6-Route RPL Source data as described in RFC 6554, its structure is described as below:

Octets	Bits	Name	Description
0	0	route.next	Next Header
1	8	route.length	Header Extensive Length
2	16	route.type	Routing Type
3	24	route.seg_left	Segments Left
4	32	route.cmpr_i	CmprI
4	36	route.cmpr_e	CmprE
5	40	route.pad	Pad Size
5	44		Reserved
8	64	route.ip	Addresses

class pcapkit.protocols.internet.ipv6_route.DataType_IPv6_Route_RPL

Bases

TypedDict

Structure of IPv6-Route RPL Source data [RFC 6554].

cmpr_i: int

CmprI.

cmpr_e: int

CmprE.

pad: int

Pad size.

ip: Tuple[Union[ipaddress.IPv4Address, ipaddress.IPv6Address]]

Array of IPv4 and/or IPv6 addresses.

---

*

https://en.wikipedia.org/wiki/IPv6_packet#Routing

IPv6 - Internet Protocol version 6

pcapkit.protocols.internet.ipv6 contains IPv6 only, which implements extractor for Internet Protocol version 6 (IPv6) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	ip.version	Version (6)
0	4	ip.class	Traffic Class
1	12	ip.label	Flow Label
4	32	ip.payload	Payload Length (header excludes)
6	48	ip.next	Next Header
7	56	ip.limit	Hop Limit
8	64	ip.src	Source Address
24	192	ip.dst	Destination Address

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_IPv6

Bases

TypedDict

Structure of IPv6 header [RFC 2460].

version: Literal[6]

Version.

class: int

Traffic class.

label: int

Flow label.

payload: int

Payload length.

next: pcapkit.const.reg.transtype.TransType

Next header.

limit: int

Hop limit.

src: ipaddress.IPv6Address

Source address.

dst: ipaddress.IPv6Address

Destination address.

packet: bytes

Raw packet data.

---

*

https://en.wikipedia.org/wiki/IPv6_packet

IPX - Internetwork Packet Exchange

pcapkit.protocols.internet.ipx contains IPX only, which implements extractor for Internetwork Packet Exchange (IPX) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	ipx.cksum	Checksum
2	16	ipx.len	Packet Length (header includes)
4	32	ipx.count	Transport Control (hop count)
5	40	ipx.type	Packet Type
6	48	ipx.dst	Destination Address
18	144	ipx.src	Source Address

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_IPX

Bases

TypedDict

Structure of IPX header [RFC 1132].

chksum: bytes

Checksum.

len: int

Packet length (header includes).

count: int

Transport control (hop count).

type: pcapkit.const.ipx.packet.Packet

Packet type.

dst: DataType_IPX_Address

Destination address.

src: DataType_IPX_Address

Source address.

For IPX address field, its structure is described as below:

Octets	Bits	Name	Description
0	0	ipx.addr.network	Network Number
4	32	ipx.addr.node	Node Number
10	80	ipx.addr.socket	Socket Number

class DataType_IPX_Address

Bases

TypedDict

Structure of IPX address.

network: str

Network number (: separated).

node: str

Node number (- separated).

socket: pcapkit.const.ipx.socket.Socket

Socket number.

addr: str

Full address (: separated).

---

*

https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange

MH - Mobility Header

pcapkit.protocols.internet.mh contains MH only, which implements extractor for Mobility Header (MH) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	mh.next	Next Header
1	8	mh.length	Header Length
2	16	mh.type	Mobility Header Type
3	24		Reserved
4	32	mh.chksum	Checksum
6	48	mh.data	Message Data

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_MH

Bases

TypedDict

next: pcapkit.const.reg.transtype.TransType

Next header.

length: int

Header length.

type: pcapkit.const.mh.packet.Packet

Mobility header type.

chksum: bytes

Checksum.

data: bytes

Message data.

---

*

https://en.wikipedia.org/wiki/Mobile_IP#Changes_in_IPv6_for_Mobile_IPv6

Base Protocol

pcapkit.protocols.internet.internet contains Internet, which is a base class for internet layer protocols, eg. AH, IPsec, IPv4, IPv6, IPX, and etc.

Transport Layer Protocols

pcapkit.protocols.transport is collection of all protocols in transport layer, with detailed implementation and methods.

UDP - User Datagram Protocol

pcapkit.protocols.transport.udp contains UDP only, which implements extractor for User Datagram Protocol (UDP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	udp.srcport	Source Port
2	16	udp.dstport	Destination Port
4	32	udp.len	Length (header includes)
6	48	udp.checksum	Checksum

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_UDP

Bases

TypedDict

Structure of UDP header [RFC 768].

srcport: int

Source port.

dstport: int

Destination port.

len: int

Length.

checksum: bytes

Checksum.

---

*

https://en.wikipedia.org/wiki/User_Datagram_Protocol

TCP - Transmission Control Protocol

pcapkit.protocols.transport.tcp contains TCP only, which implements extractor for Transmission Control Protocol (TCP) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.srcport	Source Port
2	16	tcp.dstport	Destination Port
4	32	tcp.seq	Sequence Number
8	64	tcp.ack	Acknowledgement Number (if ACK set)
12	96	tcp.hdr_len	Data Offset
12	100		Reserved (must be \x00)
12	103	tcp.flags.ns	ECN Concealment Protection (NS)
13	104	tcp.flags.cwr	Congestion Window Reduced (CWR)
13	105	tcp.flags.ece	ECN-Echo (ECE)
13	106	tcp.flags.urg	Urgent (URG)
13	107	tcp.flags.ack	Acknowledgement (ACK)
13	108	tcp.flags.psh	Push Function (PSH)
13	109	tcp.flags.rst	Reset Connection (RST)
13	110	tcp.flags.syn	Synchronize Sequence Numbers (SYN)
13	111	tcp.flags.fin	Last Packet from Sender (FIN)
14	112	tcp.window_size	Size of Receive Window
16	128	tcp.checksum	Checksum
18	144	tcp.urgent_pointer	Urgent Pointer (if URG set)
20	160	tcp.opt	TCP Options (if data offset > 5)

pcapkit.protocols.transport.tcp.TCP_OPT: DataType_TCP_OPT

TCP option dict parsing mapping.

kind	length	type	process	comment	name
0					[RFC 793] End of Option List
1					[RFC 793] No-Operation
2	4	H	1		[RFC 793] Maximum Segment Size
3	3	B	1		[RFC 7323] Window Scale
4	2	?		True	[RFC 2018] SACK Permitted
5	?	P	0	2+8*N	[RFC 2018] SACK
6	6	P	0		[RFC 1072][RFC 6247] Echo
7	6	P	0		[RFC 1072][RFC 6247] Echo Reply
8	10	II	2		[RFC 7323] Timestamps
9	2	?		True	[RFC 1693][RFC 6247] POC Permitted
10	3	??P	3		[RFC 1693][RFC 6247] POC-Serv Profile
11	6	P	0		[RFC 1693][RFC 6247] Connection Count
12	6	P	0		[RFC 1693][RFC 6247] CC.NEW
13	6	P	0		[RFC 1693][RFC 6247] CC.ECHO
14	3	B	4		[RFC 1146][RFC 6247] Alt-Chksum Request
15	?	P	0		[RFC 1146][RFC 6247] Alt-Chksum Data
19	18	P	0		[RFC 2385] MD5 Signature Option
27	8	P	5		[RFC 4782] Quick-Start Response
28	4	P	6		[RFC 5482] User Timeout Option
29	?	P	7		[RFC 5925] TCP Authentication Option
30	?	P	8		[RFC 6824] Multipath TCP
34	?	P	0		[RFC 7413] Fast Open

See also

pcapkit.protocols.transport.tcp.DataType_TCP_OPT

pcapkit.protocols.transport.tcp.process_opt: Dict[int, Callable[[pcapkit.protocols.transport.tcp.TCP, int, int], DataType_TCP_Opt]]

Process method for TCP options.

Code	Method	Description
0	_read_mode_donone()	do nothing
1	_read_mode_unpack()	unpack according to size
2	_read_mode_tsopt()	timestamps
3	_read_mode_pocsp()	POC service profile
4	_read_mode_acopt()	alternate checksum request
5	_read_mode_qsopt()	Quick-Start response
6	_read_mode_utopt()	user timeout option
7	_read_mode_tcpao()	TCP authentication option
8	_read_mode_mptcp()	multipath TCP

pcapkit.protocols.transport.tcp.mptcp_opt: Dict[int, Callable[[pcapkit.protocols.transport.tcp.TCP, str, int, int], DataType_TCP_MP_Opt]]

Process method for multipath TCP options [RFC 6824].

Code	Method	Description
0	_read_mptcp_capable()	MP_CAPABLE
1	_read_mptcp_join()	MP_JOIN
2	_read_mptcp_dss()	DSS
3	_read_mptcp_add()	ADD_ADDR
4	_read_mptcp_remove()	REMOVE_ADDR
5	_read_mptcp_prio()	MP_PRIO
6	_read_mptcp_fail()	MP_FAIL
7	_read_mptcp_fastclose()	MP_FASTCLOSE

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.transport.tcp.DataType_TCP

Bases

TypedDict

Structure of TCP header [RFC 793].

srcport: int

Source port.

dstport: int

Description port.

seq: int

Sequence number.

ack: int

Acknowledgement number.

hdr_len: int

Data offset.

flags: DataType_TCP_Flags

Flags.

window_size: int

Size of receive window.

checksum: bytes

Checksum.

urgent_pointer: int

Urgent pointer.

opt: Tuple[pcapkit.const.tcp.option.Option]

Array of TCP options.

packet: bytes

Raw packet data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Flags

Bases

TypedDict

Flags.

ns: bool

ECN concealment protection.

cwr: bool

Congestion window reduced.

ece: bool

ECN-Echo.

urg: bool

Urgent.

ack: bool

Acknowledgement.

psh: bool

Push function.

rst: bool

Reset connection.

syn: bool

Synchronize sequence numbers.

fin: bool

Last packet from sender.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt

Bases

TypedDict

Structure of TCP options.

kind: int

Option kind value.

length: int

Length of option.

class pcapkit.protocols.transport.tcp.DataType_TCP_OPT

Bases

TypedDict

TCP option dict parsing mapping.

flag: bool

If the length of option is GREATER THAN 1.

desc: str

Description string, also attribute name.

func: Optional[Callable[[int], int]]

Function, length of data bytes.

proc: Optional[int]

Process method that data bytes need (when flag is True).

See also

pcapkit.protocols.transport.tcp.process_opt

TCP Miscellaneous Options

No Process Options

For TCP options require no process, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.opt.kind	Kind
1	8	tcp.opt.length	Length
2	16	tcp.opt.data	Kind-specific Data

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_DONONE

Bases

DataType_TCP_Opt

Structure of TCP options.

data: bytes

Kind-specific data.

Unpack Process Options

For TCP options require unpack process, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.opt.kind	Kind
1	8	tcp.opt.length	Length
2	16	tcp.opt.data	Kind-specific Data

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_UNPACK

Bases

DataType_TCP_Opt

Structure of TCP options.

data: bytes

Kind-specific data.

Timestamps Option

For TCP Timestamps (TS) option as described in RFC 7323, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.ts.kind	Kind (8)
1	8	tcp.ts.length	Length (10)
2	16	tcp.ts.val	Timestamp Value
6	48	tcp.ts.ecr	Timestamps Echo Reply

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_TS

Bases

DataType_TCP_Opt

Structure of TCP TSopt [RFC 7323].

val: int

Timestamp value.

ecr: int

Timestamps echo reply.

Partial Order Connection Service Profile Option

For TCP Partial Order Connection Service Profile (POC-SP) option as described in RFC 1693 and RFC 6247, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.pocsp.kind	Kind (10)
1	8	tcp.pocsp.length	Length (3)
2	16	tcp.pocsp.start	Start Flag
2	17	tcp.pocsp.end	End Flag
2	18	tcp.pocsp.filler	Filler

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_POCSP

Bases

DataType_TCP_Opt

Structure of TCP POC-SP Option [RFC 1693][RFC 6247].

start: bool

Start flag.

end: bool

End flag.

filler: bytes

Filler.

Alternate Checksum Request Option

For TCP Alternate Checksum Request (CHKSUM-REQ) option as described in RFC 1146 and RFC 6247, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.chksumreq.kind	Kind (14)
1	8	tcp.chksumreq.length	Length (3)
2	16	tcp.chksumreq.ac	Checksum Algorithm

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_ACOPT

Bases

DataType_TCP_Opt

Structure of TCP CHKSUM-REQ [RFC 1146][RFC 6247].

ac: pcapkit.const.tcp.checksum.Checksum

Checksum algorithm.

Quick-Start Response Option

For TCP Quick-Start Response (QS) option as described in RFC 4782, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.qs.kind	Kind (27)
1	8	tcp.qs.length	Length (8)
2	16		Reserved (must be \x00)
2	20	tcp.qs.req_rate	Request Rate
3	24	tcp.qs.ttl_diff	TTL Difference
4	32	tcp.qs.nounce	QS Nounce
7	62		Reserved (must be \x00)

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_QSOPT

Bases

DataType_TCP_Opt

Structure of TCP QSopt [RFC 4782].

req_rate: int

Request rate.

ttl_diff: int

TTL difference.

nounce: int

QS nounce.

User Timeout Option

For TCP User Timeout (TIMEOUT) option as described in RFC 5482, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.timeout.kind	Kind (28)
1	8	tcp.timeout.length	Length (4)
2	16	tcp.timeout.granularity	Granularity
2	17	tcp.timeout.timeout	User Timeout

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_UTOPT

Bases

DataType_TCP_Opt

Structure of TCP TIMEOUT [RFC 5482].

granularity: Literal['minutes', 'seconds']

Granularity.

timeout: datetime.timedelta

User timeout.

Authentication Option

For Authentication (AO) option as described in RFC 5925, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.ao.kind	Kind (29)
1	8	tcp.ao.length	Length
2	16	tcp.ao.key_id	KeyID
3	24	tcp.ao.r_next_key_id	RNextKeyID
4	32	tcp.ao.mac	Message Authentication Code

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_TCPAO

Bases

DataType_TCP_Opt

Structure of TCP AOopt [RFC 5925].

key_id: int

KeyID.

r_next_key_id: int

RNextKeyID.

mac: bytes

Message authentication code.

Multipath TCP Options

For Multipath TCP (MP-TCP) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype
2	20	tcp.mp.data	Subtype-specific Data

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MPTCP

Bases

DataType_TCP_Opt

Structure of MP-TCP [RFC 6824].

subtype: pcapkit.const.tcp.mp_tcp_option.MPTCPOption

Subtype.

data: Optional[bytes]

Subtype-specific data.

Multipath Capable Option

For Multipath Capable (MP_CAPABLE) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length (12/20)
2	16	tcp.mp.subtype	Subtype (0)
2	20	tcp.mp.capable.version	Version
3	24	tcp.mp.capable.flags.req	Checksum Require Flag (A)
3	25	tcp.mp.capable.flags.ext	Extensibility Flag (B)
3	26	tcp.mp.capable.flags.res	Unassigned (C - G)
3	31	tcp.mp.capable.flags.hsa	HMAC-SHA1 Flag (H)
4	32	tcp.mp.capable.skey	Option Sender’s Key
12	96	tcp.mp.capable.rkey	Option Receiver’s Key (only if option length is 20)

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_CAPABLE

Bases

DataType_TCP_Opt_MPTCP

Structure of MP_CAPABLE [RFC 6824].

capable: DataType_TCP_Opt_MP_CAPABLE_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_CAPABLE_Data

Bases

TypedDict

Structure of MP_CAPABLE [RFC 6824].

version: int

Version.

flags: DataType_TCP_Opt_MP_CAPABLE_Flags

Flags.

skey: int

Option sender’s key.

rkey: Optional[int]

Option receiver’s key.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_CAPABLE_Flags

Bases

TypedDict

Flags.

req: bool

Checksum require flag.

ext: bool

Extensibility flag.

res: Tuple[bool, bool, bool, bool, bool]

Unassigned flags.

hsa: bool

HMAC-SHA1 flag.

Join Connection Option

For Join Connection (MP_JOIN) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (1)
2	20	tcp.mp.data	Handshake-specific Data

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN

Bases

DataType_TCP_Opt_MPTCP

Structure of MP_JOIN [RFC 6824].

connection: Optional[Literal['SYN/ACK', 'SYN', 'ACK']]

Join connection type.

join: DataType_TCP_Opt_MP_JOIN_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_Data

Bases

TypedDict

Structure of MP_JOIN [RFC 6824].

data: Optional[bytes]

Unknown type data.

MP_JOIN-SYN

For Join Connection (MP_JOIN-SYN) option for Initial SYN as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length (12)
2	16	tcp.mp.subtype	Subtype (1 | SYN)
2	20		Reserved (must be \x00)
2	23	tcp.mp.join.syn.backup	Backup Path (B)
3	24	tcp.mp.join.syn.addr_id	Address ID
4	32	tcp.mp.join.syn.token	Receiver’s Token
8	64	tcp.mp.join.syn.rand_num	Sender’s Random Number

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_SYN

Bases

DataType_TCP_Opt_MP_JOIN_Data

Structure of MP_JOIN-SYN [RFC 6824].

syn: DataType_TCP_Opt_MP_JOIN_SYN_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_SYN_Data

Bases

TypedDict

Structure of MP_JOIN-SYN [RFC 6824].

backup: bool

Backup path.

addr_id: int

Address ID.

token: int

Receiver’s token.

rand_num: int

Sender’s random number.

MP_JOIN-SYN/ACK

For Join Connection (MP_JOIN-SYN/ACK) option for Responding SYN/ACK as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length (16)
2	16	tcp.mp.subtype	Subtype (1 | SYN/ACK)
2	20		Reserved (must be \x00)
2	23	tcp.mp.join.synack.backup	Backup Path (B)
3	24	tcp.mp.join.synack.addr_id	Address ID
4	32	tcp.mp.join.synack.hmac	Sender’s Truncated HMAC
12	96	tcp.mp.join.synack.rand_num	Sender’s Random Number

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_SYNACK

Bases

DataType_TCP_Opt_MP_JOIN_Data

Structure of MP_JOIN-SYN/ACK [RFC 6824].

syn: DataType_TCP_Opt_MP_JOIN_SYNACK_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_SYNACK_Data

Bases

TypedDict

Structure of MP_JOIN-SYN/ACK [RFC 6824].

backup: bool

Backup path.

addr_id: int

Address ID.

hmac: bytes

Sender’s truncated HMAC.

rand_num: int

Sender’s random number.

MP_JOIN-ACK

For Join Connection (MP_JOIN-ACK) option for Third ACK as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length (16)
2	16	tcp.mp.subtype	Subtype (1 | ACK)
2	20		Reserved (must be \x00)
4	32	tcp.mp.join.ack.hmac	Sender’s HMAC

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_ACK

Bases

DataType_TCP_Opt_MP_JOIN_Data

Structure of MP_JOIN-ACK [RFC 6824].

syn: DataType_TCP_Opt_MP_JOIN_ACK_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_JOIN_ACK_Data

Bases

TypedDict

Structure of MP_JOIN-ACK [RFC 6824].

hmac: bytes

Sender’s HMAC.

Data Sequence Signal Option

For Data Sequence Signal (DSS) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (2)
2	20		Reserved (must be \x00)
3	27	tcp.mp.dss.flags.fin	DATA_FIN (F)
3	28	tcp.mp.dss.flags.dsn_len	DSN Length (m)
3	29	tcp.mp.dss.flags.data_pre	DSN, SSN, Data-Level Length, CHKSUM Present (M)
3	30	tcp.mp.dss.flags.ack_len	ACK Length (a)
3	31	tcp.mp.dss.flags.ack_pre	Data ACK Present (A)
4	32	tcp.mp.dss.ack	Data ACK (4 / 8 octets)
8/12	64/96	tcp.mp.dss.dsn	DSN (4 / 8 octets)
12/20	48/160	tcp.mp.dss.ssn	Subflow Sequence Number
16/24	128/192	tcp.mp.dss.dl_len	Data-Level Length
18/26	144/208	tcp.mp.dss.checksum	Checksum

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_DSS

Bases

DataType_TCP_Opt_MPTCP

Structure of DSS [RFC 6824].

dss: DataType_TCP_Opt_DSS_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_DSS_Data

Bases

TypedDict

Structure of DSS [RFC 6824].

flags: DataType_TCP_Opt_DSS_Flags

Flags.

ack: Optional[int]

Data ACK.

dsn: Optional[int]

DSN.

ssn: Optional[int]

Subflow sequence number.

dl_len: int

Data-level length.

checksum: bytes

Checksum.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_DSS_Flags

Bases

TypedDict

Flags.

fin: bool

DATA_FIN.

dsn_len: int

DSN length.

data_pre: int

DSN, SSN, data-level length, checksum present.

ack_len: int

ACK length.

ack_pre: bool

ACK present.

Add Address Option

For Add Address (ADD_ADDR) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (3)
2	20	tcp.mp.add_addr.ip_ver	IP Version
3	24	tcp.mp.add_addr.addr_id	Address ID
4	32	tcp.mp.add_addr.addr	IP Address (4 / 16)
8/20	64/160	tcp.mp.add_addr.port	Port (optional)

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_ADD_ADDR

Bases

DataType_TCP_Opt_MPTCP

Structure of ADD_ADDR [RFC 6824].

add_addr: DataType_TCP_Opt_ADD_ADDR_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_ADD_ADDR_Data

Bases

TypedDict

Structure of ADD_ADDR [RFC 6824].

ip_ver: Literal[4, 6]

IP version.

addr_id: int

Address ID.

addr: Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

IP address.

port: Optional[int]

Port.

Remove Address Option

For Remove Address (REMOVE_ADDR) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (4)
2	20		Reserved (must be \x00)
3	24	tcp.mp.remove_addr.addr_id	Address ID (optional list)

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_REMOVE_ADDR

Bases

DataType_TCP_Opt_MPTCP

Structure of REMOVE_ADDR [RFC 6824].

remove_addr: DataType_TCP_Opt_REMOVE_ADDR_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_REMOVE_ADDR_Data

Bases

TypedDict

Structure of REMOVE_ADDR [RFC 6824].

addr_id: Tuple[int]

Array of address IDs.

Change Subflow Priority Option

For Change Subflow Priority (MP_PRIO) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (4)
2	23	tcp.mp.prio.backup	Backup Path (B)
3	24	tcp.mp.prio.addr_id	Address ID (optional)

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_PRIO

Bases

DataType_TCP_Opt_MPTCP

Structure of MP_PRIO [RFC 6824].

prio: DataType_TCP_Opt_MP_PRIO_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_PRIO_Data

Bases

TypedDict

Structure of MP_PRIO [RFC 6824].

backup: bool

Backup path.

addr_id: Optional[int]

Address ID.

Fallback Option

For Fallback (MP_FAIL) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (4)
2	23		Reserved (must be \x00)
4	32	tcp.mp.fail.dsn	Data Sequence Number

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_FAIL

Bases

DataType_TCP_Opt_MPTCP

Structure of MP_FAIL [RFC 6824].

fail: DataType_TCP_Opt_MP_FAIL_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_FAIL_Data

Bases

TypedDict

Structure of MP_FAIL [RFC 6824].

dsn: int

Data sequence number.

Fast Close Option

For Fast Close (MP_FASTCLOSE) options as described in RFC 6824, its structure is described as below:

Octets	Bits	Name	Description
0	0	tcp.mp.kind	Kind (30)
1	8	tcp.mp.length	Length
2	16	tcp.mp.subtype	Subtype (4)
2	23		Reserved (must be \x00)
4	32	tcp.mp.fastclose.rkey	Option Receiver’s Key

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_FASTCLOSE

Bases

DataType_TCP_Opt_MPTCP

Structure of MP_FASTCLOSE [RFC 6824].

fastclose: DataType_TCP_Opt_MP_FASTCLOSE_Data

Subtype-specific data.

class pcapkit.protocols.transport.tcp.DataType_TCP_Opt_MP_FASTCLOSE_Data

Bases

TypedDict

Structure of MP_FASTCLOSE [RFC 6824].

rkey: int

Option receiver’s key.

---

*

https://en.wikipedia.org/wiki/Transmission_Control_Protocol

Base Protocol

pcapkit.protocols.transport.transport contains Transport, which is a base class for transport layer protocols, eg. TCP and UDP.

Application Layer Protocols

pcapkit.protocols.application is collection of all protocols in application layer, with detailed implementation and methods.

FTP - File Transfer Protocol

pcapkit.protocols.application.ftp contains FTP only, which implements extractor for File Transfer Protocol (FTP) *.

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_FTP_Request

Bases

TypedDict

Structure of FTP request packet [RFC 959].

type: Literal['request']

Packet type.

command: pcapkit.corekit.infoclass.Info

FTP command.

arg: Optional[str]

FTP command arguments.

raw: bytes

Raw packet data.

class DataType_FTP_Response

Bases

TypedDict

Structure of FTP response packet [RFC 959].

type: Literal['response']

Packet type.

code: pcapkit.const.ftp.return_code.ReturnCode

FTP response code.

arg: Optional[str]

FTP response arguments (messages).

mf: bool

More fragmented messages flag.

raw: bytes

Raw packet data.

---

*

https://en.wikipedia.org/wiki/File_Transfer_Protocol

HTTP - Hypertext Transfer Protocol

pcapkit.protocols.application.http contains HTTP only, which is a base class for Hypertext Transfer Protocol (HTTP) * family, eg. HTTP/1.* and HTTP/2.

---

*

https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

HTTP/1.* - Hypertext Transfer Protocol

pcapkit.protocols.application.httpv1 contains HTTPv1 only, which implements extractor for Hypertext Transfer Protocol (HTTP/1.*) *, whose structure is described as below:

METHOD URL HTTP/VERSION\r\n :==: REQUEST LINE
<key> : <value>\r\n         :==: REQUEST HEADER
............  (Ellipsis)    :==: REQUEST HEADER
\r\n                        :==: REQUEST SEPARATOR
<body>                      :==: REQUEST BODY (optional)

HTTP/VERSION CODE DESP \r\n :==: RESPONSE LINE
<key> : <value>\r\n         :==: RESPONSE HEADER
............  (Ellipsis)    :==: RESPONSE HEADER
\r\n                        :==: RESPONSE SEPARATOR
<body>                      :==: RESPONSE BODY (optional)

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_HTTP

Bases

TypedDict

Structure of HTTP/1.* packet [RFC 7230].

receipt: Literal['request', 'response']

HTTP packet receipt.

header: Union[DataType_HTTP_Request_Header, DataType_HTTP_Response_Header]

Parsed HTTP header data.

body: bytes

HTTP body data.

raw: DataType_HTTP_Raw

Raw HTTP packet data.

class DataType_HTTP_Raw

Bases

TypedDict

Raw HTTP packet data.

header: bytes

Raw HTTP header data.

body: bytes

Raw HTTP body data.

packet: bytes

Raw HTTP packet data.

class DataType_HTTP_Request_Header

Bases

TypedDict

HTTP request header.

request: DataType_HTTP_Request_Header_Meta

Request metadata.

class DataType_HTTP_Response_Header

Bases

TypedDict

HTTP response header.

response: DataType_HTTP_Response_Header_Meta

Response metadata.

class DataType_HTTP_Request_Header_Meta

Bases

TypedDict

Request metadata.

method: str

HTTP request method.

target: str

HTTP request target URI.

version: Literal['0.9', '1.0', '1.1']

HTTP version string.

class DataType_HTTP_Response_Header_Meta

Bases

TypedDict

Response metadata.

version: Literal['0.9', '1.0', '1.1']

HTTP version string.

status: int

HTTP response status code.

phrase: str

HTTP response status reason.

---

*

https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

HTTP/2 - Hypertext Transfer Protocol

pcapkit.protocols.application.httpv2 contains HTTPv2 only, which implements extractor for Hypertext Transfer Protocol (HTTP/2) *, whose structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.payload	Frame Payload

pcapkit.protocols.application.httpv2._HTTP_FUNC: Dict[int, Callable[[pcapkit.protocols.application.httpv2.HTTPv2, int, int, str], DataType_HTTPv2_Frame]]

Process method for HTTP/2 packets.

Code	Method	Description
N/A	_read_http_none()	Unsigned
0x00	_read_http_data()	DATA
0x01	_read_http_headers()	HEADERS
0x02	_read_http_priority()	PRIORITY
0x03	_read_http_rst_stream()	RST_STREAM
0x04	_read_http_settings()	SETTINGS
0x05	_read_http_push_promise()	PUSH_PROMISE
0x06	_read_http_ping()	PING
0x07	_read_http_goaway()	GOAWAY
0x08	_read_http_window_update()	WINDOW_UPDATE
0x09	_read_http_continuation()	CONTINUATION

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2

Bases

TypedDict

Structure of HTTP/2 packet [RFC 7540].

length: int

Length.

type: pcapkit.const.http.frame.Frame

Type.

sid: int

Stream identifier.

packet: bytes

Raw packet data.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_Frame

Bases

TypedDict

HTTP/2 packet data.

HTTP/2 Unassigned Frame

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_Unassigned

Bases

DataType_HTTPv2_Frame

flags: Literal[None]

HTTP/2 packet flags.

payload: Optional[types]

Raw packet payload.

HTTP/2 DATA Frame

For HTTP/2 DATA frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (0)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.pad_len	Pad Length (Optional)
10	80	http.data	Data
?	?		Padding (Optional)

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_DATA

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 DATA frame [RFC 7540].

flags: DataType_HTTPv2_DATA_Flags

HTTP/2 packet flags.

data: bytes

HTTP/2 transferred data.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_DATA_Flags

Bases

TypedDict

HTTP/2 DATA frame packet flags.

END_STREAM: bool

Bit

0

PADDED: bool

Bit

3

HTTP/2 HEADERS Frame

For HTTP/2 HEADERS frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (1)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.pad_len	Pad Length (Optional)
10	80	http.exclusive	Exclusive Flag
10	81	http.deps	Stream Dependency (Optional)
14	112	http.weight	Weight (Optional)
15	120	http.frag	Header Block Fragment
?	?		Padding (Optional)

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_HEADERS

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 HEADERS frame [RFC 7540].

flags: DataType_HTTPv2_HEADERS_Flags

HTTP/2 packet flags.

frag: Optional[bytes]

Header block fragment.

pad_len: int

Pad length.

exclusive: bool

Exclusive flag.

deps: int

Stream dependency.

weight: int

Weight.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_HEADERS_Flags

Bases

TypedDict

HTTP/2 HEADERS frame packet flags.

END_STREAM: bool

Bit

0

END_HEADERS: bool

Bit

2

PADDED: bool

Bit

3

PRIORITY: bool

Bit

5

HTTP/2 PRIORITY Frame

For HTTP/2 PRIORITY frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (2)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.exclusive	Exclusive Flag
9	73	http.deps	Stream Dependency
13	104	http.weight	Weight

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_PRIORITY

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 PRIORITY frame [RFC 7540].

flags: Literal[None]

HTTP/2 packet flags.

exclusive: bool

Exclusive flag.

deps: int

Stream dependency.

weight: int

Weight.

HTTP/2 RST_STREAM Frame

For HTTP/2 RST_STREAM frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (3)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.error	Error Code

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_RST_STREAM

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 PRIORITY frame [RFC 7540].

flags: Literal[None]

HTTP/2 packet flags.

error: pcapkit.const.http.error_code.ErrorCode

Error code.

HTTP/2 SETTINGS Frame

For HTTP/2 SETTINGS frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (4)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.settings	Settings
9	72	http.settings.id	Identifier
10	80	http.settings.value	Value

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_SETTINGS

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 SETTINGS frame [RFC 7540].

flags: DataType_HTTPv2_SETTINGS_Flags

HTTP/2 packet flags.

settings: Tuple[pcapkit.const.http.setting.Setting]

Array of HTTP/2 settings.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_SETTINGS_Flags

Bases

TypedDict

HTTP/2 packet flags.

ACK: bool

Bit

0

HTTP/2 PUSH_PROMISE Frame

For HTTP/2 PUSH_PROMISE frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (5)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.pad_len	Pad Length (Optional)
10	80		Reserved
10	81	http.pid	Promised Stream ID
14	112	http.frag	Header Block Fragment
?	?		Padding (Optional)

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_PUSH_PROMISE

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 PUSH_PROMISE frame [RFC 7540].

flags: DataType_HTTPv2_PUSH_PROMISE_Flags

HTTP/2 packet flags.

pid: int

Promised stream ID.

frag: Optional[bytes]

Header block fragment.

pad_len: int

Pad length.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_PUSH_PROMISE_Flags

Bases

TypedDict

HTTP/2 packet flags.

END_HEADERS: bool

Bit

2

PADDED: bool

Bit

3

HTTP/2 PING Frame

For HTTP/2 PING frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (6)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72	http.data	Opaque Data

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_PING

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 PING frame [RFC 7540].

flags: DataType_HTTPv2_PING_Flags

HTTP/2 packet flags.

data: bytes

Opaque data.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_PING_Flags

Bases

TypedDict

HTTP/2 packet flags.

ACK: bool

Bit

0

HTTP/2 GOAWAY Frame

For HTTP/2 GOAWAY frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (7)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72		Reserved
9	73	http.last_sid	Last Stream ID
13	104	http.error	Error Code
17	136	http.data	Additional Debug Data (Optional)

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_GOAWAY

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 GOAWAY frame [RFC 7540].

flags: Literal[None]

HTTP/2 packet flags.

last_sid: int

Last stream ID.

error: pcapkit.const.http.error_code.ErrorCode

Error code.

data: Optional[None]

Additional debug data.

HTTP/2 WINDOW_UPDATE Frame

For HTTP/2 WINDOW_UPDATE frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (8)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	72		Reserved
9	73	http.window	Window Size Increment

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_WINDOW_UPDATE

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 WINDOW_UPDATE frame [RFC 7540].

flags: Literal[None]

HTTP/2 packet flags.

window: int

Window size increment.

HTTP/2 CONTINUATION Frame

For HTTP/2 CONTINUATION frame as described in RFC 7540, its structure is described as below:

Octets	Bits	Name	Description
0	0	http.length	Length
3	24	http.type	Type (9)
4	32	http.flags	Flags
5	40		Reserved
5	41	http.sid	Stream Identifier
9	73	http.frag	Header Block Fragment

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_CONTINUATION

Bases

DataType_HTTPv2_Frame

Structure of HTTP/2 CONTINUATION frame [RFC 7540].

flags: DataType_HTTPv2_CONTINUATION_Flags

HTTP/2 packet flags.

frag: bytes

Header block fragment.

class pcapkit.protocols.application.httpv2.DataType_HTTPv2_CONTINUATION_Flags

Bases

TypedDict

HTTP/2 packet flags.

END_HEADERS: bool

Bit

2

---

*

https://en.wikipedia.org/wiki/HTTP/2

Base Protocol

pcapkit.protocols.application.application contains only Application, which is a base class for application layer protocols, eg. HTTP/1.*, HTTP/2 and etc.

Miscellaneous Protocols

Raw Packet Data

pcapkit.protocols.misc.raw contains Raw only, which implements extractor for unknown protocol, and constructs a Protocol like object.

Data Structure

Important

Following classes are only for documentation purpose. They do NOT exist in the pcapkit module.

class DataType_Raw

Bases

TypedDict

Raw packet data.

packet: bytes

raw packet data

error: Optional[str]

optional error message

No-Payload Packet

pcapkit.protocols.null contains NoPayload only, which implements a Protocol like object whose payload is recursively NoPayload itself.

Base Protocol

Reassembly Packets & Datagrams

pcapkit.reassembly bases on algorithms described in RFC 815, implements datagram reassembly of IP and TCP packets.

Fragmented Packets Reassembly

pcapkit.foundation.reassembly.reassembly contains class:~pcapkit.foundation.reassembly.reassembly.Reassembly only, which is an abstract base class for all reassembly classes, bases on algorithms described in RFC 815, implements datagram reassembly of IP and TCP packets.

IP Datagram Reassembly

pcapkit.foundation.reassembly.ip contains IP_Reassembly only, which reconstructs fragmented IP packets back to origin. The following algorithm implement is based on IP reassembly procedure introduced in RFC 791, using RCVBT (fragment receivedbit table). Though another algorithm is explained in RFC 815, replacing RCVBT, however, this implement still used the elder one.

Notation

FO	Fragment Offset
IHL	Internet Header Length
MF	More Fragments Flag
TTL	Time To Live
NFB	Number of Fragment Blocks
TL	Total Length
TDL	Total Data Length
BUFID	Buffer Identifier
RCVBT	Fragment Received Bit Table
TLB	Timer Lower Bound

Algorithm

DO {
   BUFID <- source|destination|protocol|identification;

   IF (FO = 0 AND MF = 0) {
      IF (buffer with BUFID is allocated) {
         flush all reassembly for this BUFID;
         Submit datagram to next step;
         DONE.
      }
   }

   IF (no buffer with BUFID is allocated) {
      allocate reassembly resources with BUFID;
      TIMER <- TLB;
      TDL <- 0;
      put data from fragment into data buffer with BUFID
         [from octet FO*8 to octet (TL-(IHL*4))+FO*8];
      set RCVBT bits [from FO to FO+((TL-(IHL*4)+7)/8)];
   }

   IF (MF = 0) {
      TDL <- TL-(IHL*4)+(FO*8)
   }

   IF (FO = 0) {
      put header in header buffer
   }

   IF (TDL # 0 AND all RCVBT bits [from 0 to (TDL+7)/8] are set) {
      TL <- TDL+(IHL*4)
      Submit datagram to next step;
      free all reassembly resources for this BUFID;
      DONE.
   }

   TIMER <- MAX(TIMER,TTL);

} give up until (next fragment or timer expires);

timer expires: {
   flush all reassembly with this BUFID;
   DONE.
}

Implementation

IPv4 Datagram Reassembly

pcapkit.foundation.reassembly.ipv4 contains IPv4_Reassembly only, which reconstructs fragmented IPv4 packets back to origin. Please refer to IP Datagram Reassembly for more information.

Data Structure

ipv4.packet

Data structure for IPv4 datagram reassembly (reassembly()) is as following:

ipv4.datagram

Data structure for reassembled IPv4 datagram (element from datagram tuple) is as following:

ipv4.buffer

Data structure for internal buffering when performing reassembly algorithms (_buffer) is as following:

(dict) buffer --> memory buffer for reassembly
 |--> (tuple) BUFID : (dict)
 |     |--> ipv4.src       |
 |     |--> ipc6.dst       |
 |     |--> ipv4.label     |
 |     |--> ipv4_frag.next |
 |                         |--> 'TDL' : (int) total data length
 |                         |--> RCVBT : (bytearray) fragment received bit table
 |                         |             |--> (bytes) b'\x00' -> not received
 |                         |             |--> (bytes) b'\x01' -> received
 |                         |             |--> (bytes) ...
 |                         |--> 'index' : (list) list of reassembled packets
 |                         |               |--> (int) packet range number
 |                         |--> 'header' : (bytearray) header buffer
 |                         |--> 'datagram' : (bytearray) data buffer, holes set to b'\x00'
 |--> (tuple) BUFID ...

Implementation

IPv6 Datagram Reassembly

pcapkit.foundation.reassembly.ipv6 contains IPv6_Reassembly only, which reconstructs fragmented IPv6 packets back to origin. Please refer to IP Datagram Reassembly for more information.

Data Structure

ipv6.packet

Data structure for IPv6 datagram reassembly (reassembly()) is as following:

packet_dict = dict(
  bufid = tuple(
      ipv6.src,                   # source IP address
      ipv6.dst,                   # destination IP address
      ipv6.label,                 # label
      ipv6_frag.next,             # next header field in IPv6 Fragment Header
  ),
  num = frame.number,             # original packet range number
  fo = ipv6_frag.offset,          # fragment offset
  ihl = ipv6.hdr_len,             # header length, only headers before IPv6-Frag
  mf = ipv6_frag.mf,              # more fragment flag
  tl = ipv6.len,                  # total length, header includes
  header = ipv6.header,           # raw bytearray type header before IPv6-Frag
  payload = ipv6.payload,         # raw bytearray type payload after IPv6-Frag
)

ipv6.datagram

Data structure for reassembled IPv6 datagram (element from datagram tuple) is as following:

(tuple) datagram
 |--> (dict) data
 |     |--> 'NotImplemented' : (bool) True --> implemented
 |     |--> 'index' : (tuple) packet numbers
 |     |               |--> (int) original packet range number
 |     |--> 'packet' : (Optional[bytes]) reassembled IPv6 packet
 |--> (dict) data
 |     |--> 'NotImplemented' : (bool) False --> not implemented
 |     |--> 'index' : (tuple) packet numbers
 |     |               |--> (int) original packet range number
 |     |--> 'header' : (Optional[bytes]) IPv6 header
 |     |--> 'payload' : (Optional[tuple]) partially reassembled IPv6 payload
 |                       |--> (Optional[bytes]) IPv4 payload fragment
 |--> (dict) data ...

ipv6.buffer

Data structure for internal buffering when performing reassembly algorithms (_buffer) is as following:

(dict) buffer --> memory buffer for reassembly
 |--> (tuple) BUFID : (dict)
 |     |--> ipv6.src       |
 |     |--> ipc6.dst       |
 |     |--> ipv6.label     |
 |     |--> ipv6_frag.next |
 |                         |--> 'TDL' : (int) total data length
 |                         |--> RCVBT : (bytearray) fragment received bit table
 |                         |             |--> (bytes) b'\x00' -> not received
 |                         |             |--> (bytes) b'\x01' -> received
 |                         |             |--> (bytes) ...
 |                         |--> 'index' : (list) list of reassembled packets
 |                         |               |--> (int) packet range number
 |                         |--> 'header' : (bytearray) header buffer
 |                         |--> 'datagram' : (bytearray) data buffer, holes set to b'\x00'
 |--> (tuple) BUFID ...

Implementation

TCP Datagram Reassembly

pcapkit.foundation.reassembly.tcp contains TCP_Reassembly only, which reconstructs fragmented TCP packets back to origin. The algorithm for TCP reassembly is described as below.

Notation

DSN	Data Sequence Number
ACK	TCP Acknowledgement
SYN	TCP Synchronisation Flag
FIN	TCP Finish Flag
RST	TCP Reset Connection Flag
BUFID	Buffer Identifier
HDL	Hole Discriptor List
ISN	Initial Sequence Number
src	source IP
dst	destination IP
srcport	source TCP port
dstport	destination TCP port

Algorithm

DO {
   BUFID <- src|dst|srcport|dstport|ACK;
   IF (SYN is true) {
      IF (buffer with BUFID is allocated) {
         flush all reassembly for this BUFID;
         submit datagram to next step;
      }
   }

   IF (no buffer with BUFID is allocated) {
      allocate reassembly resources with BUFID;
      ISN <- DSN;
      put data from fragment into data buffer with BUFID
         [from octet fragment.first to octet fragment.last];
      update HDL;
   }

   IF (FIN is true or RST is true) {
      submit datagram to next step;
      free all reassembly resources for this BUFID;
      BREAK.
   }
} give up until (next fragment);

update HDL: {
   DO {
      select the next hole descriptor from HDL;

      IF (fragment.first >= hole.first) CONTINUE.
      IF (fragment.last <= hole.first) CONTINUE.

      delete the current entry from HDL;

      IF (fragment.first >= hole.first) {
         create new entry "new_hole" in HDL;
         new_hole.first <- hole.first;
         new_hole.last <- fragment.first - 1;
         BREAK.
      }

      IF (fragment.last <= hole.last) {
         create new entry "new_hole" in HDL;
         new_hole.first <- fragment.last + 1;
         new_hole.last <- hole.last;
         BREAK.
      }
   } give up until (no entry from HDL)
}

The following algorithm implement is based on IP Datagram Reassembly Algorithm introduced in RFC 815. It described an algorithm dealing with RCVBT (fragment received bit table) appeared in RFC 791. And here is the process:

1. Select the next hole descriptor from the hole descriptor list. If there are no more entries, go to step eight.

2. If fragment.first is greater than hole.last, go to step one.

3. If fragment.last is less than hole.first, go to step one.

4. Delete the current entry from the hole descriptor list.

5. If fragment.first is greater than hole.first, then create a new hole descriptor new_hole with new_hole.first equal to hole.first, and new_hole.last equal to fragment.first minus one (-1).

6. If fragment.last is less than hole.last and fragment.more_fragments is true, then create a new hole descriptor new_hole, with new_hole.first equal to fragment.last plus one (+1) and new_hole.last equal to hole.last.

7. Go to step one.

8. If the hole descriptor list is now empty, the datagram is now complete. Pass it on to the higher level protocol processor for further handling. Otherwise, return.

Data Structure

tcp.packet

Data structure for TCP datagram reassembly (reassembly()) is as following:

packet_dict = Info(
  bufid = tuple(
      ip.src,                     # source IP address
      ip.dst,                     # destination IP address
      tcp.srcport,                # source port
      tcp.dstport,                # destination port
  ),
  num = frame.number,             # original packet range number
  syn = tcp.flags.syn,            # synchronise flag
  fin = tcp.flags.fin,            # finish flag
  rst = tcp.flags.rst,            # reset connection flag
  len = tcp.raw_len,              # payload length, header excludes
  first = tcp.seq,                # this sequence number
  last = tcp.seq + tcp.raw_len,   # next (wanted) sequence number
  payload = tcp.raw,              # raw bytearray type payload
)

tcp.datagram

Data structure for reassembled TCP datagram (element from datagram tuple) is as following:

(tuple) datagram
 |--> (Info) data
 |     |--> 'NotImplemented' : (bool) True --> implemented
 |     |--> 'id' : (Info) original packet identifier
 |     |            |--> 'src' --> (tuple)
 |     |            |               |--> (str) ip.src
 |     |            |               |--> (int) tcp.srcport
 |     |            |--> 'dst' --> (tuple)
 |     |            |               |--> (str) ip.dst
 |     |            |               |--> (int) tcp.dstport
 |     |            |--> 'ack' --> (int) original packet ACK number
 |     |--> 'index' : (tuple) packet numbers
 |     |               |--> (int) original packet range number
 |     |--> 'payload' : (Optional[bytes]) reassembled application layer data
 |     |--> 'packets' : (Tuple[Analysis]) analysed payload
 |--> (Info) data
 |     |--> 'NotImplemented' : (bool) False --> not implemented
 |     |--> 'id' : (Info) original packet identifier
 |     |            |--> 'src' --> (tuple)
 |     |            |               |--> (str) ip.src
 |     |            |               |--> (int) tcp.srcport
 |     |            |--> 'dst' --> (tuple)
 |     |            |               |--> (str) ip.dst
 |     |            |               |--> (int) tcp.dstport
 |     |            |--> 'ack' --> (int) original packet ACK number
 |     |--> 'ack' : (int) original packet ACK number
 |     |--> 'index' : (tuple) packet numbers
 |     |               |--> (int) original packet range number
 |     |--> 'payload' : (Optional[tuple]) partially reassembled payload
 |     |                 |--> (Optional[bytes]) payload fragment
 |     |--> 'packets' : (Tuple[Analysis]) analysed payloads
 |--> (Info) data ...

tcp.buffer

Data structure for internal buffering when performing reassembly algorithms (_buffer) is as following:

(dict) buffer --> memory buffer for reassembly
 |--> (tuple) BUFID : (dict)
 |       |--> ip.src      |
 |       |--> ip.dst      |
 |       |--> tcp.srcport |
 |       |--> tcp.dstport |
 |                        |--> 'hdl' : (list) hole descriptor list
 |                        |             |--> (Info) hole --> hole descriptor
 |                        |                   |--> "first" --> (int) start of hole
 |                        |                   |--> "last" --> (int) stop of hole
 |                        |--> (int) ACK : (dict)
 |                        |                 |--> 'ind' : (list) list of reassembled packets
 |                        |                 |             |--> (int) packet range number
 |                        |                 |--> 'isn' : (int) ISN of payload buffer
 |                        |                 |--> 'len' : (int) length of payload buffer
 |                        |                 |--> 'raw' : (bytearray) reassembled payload, holes set to b'\x00'
 |                        |--> (int) ACK ...
 |                        |--> ...
 |--> (tuple) BUFID ...

Implementation

Core Utilities

pcapkit.corekit is the collection of core utilities for pcapkit implementation, including dict like class Info, tuple like class VersionInfo, and protocol collection class ProtoChain.

Info Class

pcapkit.corekit.infoclass contains dict like class Info only, which is originally designed to work alike dataclasses.dataclass() as introduced in PEP 557.

Protocol Chain

pcapkit.corekit.protochain contains special protocol collection class ProtoChain.

Version Info

pcapkit.corekit.version contains tuple like class VersionInfo, which is originally designed alike sys.version_info.

Dump Utilities

pcapkit.dumpkit is the collection of dumpers for pcapkit implementation, which is alike those described in dictdumper.

PCAP Dumper

Undefined Dumper

Compatibility Tools

pcapkit.toolkit provides several utility functions for compatibility of multiple engine support.

Default (PyPCAPKit) Tools

pcapkit.toolkit.default contains all you need for pcapkit handy usage. All functions returns with a flag to indicate if usable for its caller.

DPKT Tools

pcapkit.toolkit.dpkt contains all you need for pcapkit handy usage with DPKT engine. All reforming functions returns with a flag to indicate if usable for its caller.

PyShark Tools

pcapkit.toolkit.pyshark contains all you need for pcapkit handy usage with PyShark engine. All reforming functions returns with a flag to indicate if usable for its caller.

Scapy Tools

pcapkit.toolkit.scapy contains all you need for pcapkit handy usage with Scapy engine. All reforming functions returns with a flag to indicate if usable for its caller.

Utility Functions & Classes

pcapkit.utilities contains several useful functions and classes which are fundations of pcapkit, including decorater function seekset() and beholder(), and several user-refined exceptions and validations.

Decorator Functions

pcapkit.utilities.decorators contains several useful decorators, including seekset() and beholder().

@pcapkit.utilities.decorators.seekset

Read file from start then set back to original.

Important

This decorator function is designed for decorating class methods.

The decorator will keep the current offset of self._file, then call the decorated function. Afterwards, it will rewind the offset of self._file to the original and returns the return value from the decorated function.

Note

The decorated function should have following signature:

func(self, *args, **kw)

See also

pcapkit.protocols.protocol.Protocol._read_packet()

Parameters

func (Callable[Concatenate[Protocol, P], R]) –

Return type

Callable[P, R]

@pcapkit.utilities.decorators.beholder

Behold extraction procedure.

Important

This decorator function is designed for decorating class methods.

This decorate first keep the current offset of self._file, then try to call the decorated function. Should any exception raised, it will re-parse the self._file as Raw protocol.

Note

The decorated function should have following signature:

func(self, proto, length, *args, **kwargs)

See also

pcapkit.protocols.protocol.Protocol._decode_next_layer()

Parameters

func (Callable[Concatenate[Protocol, int, Optional[int], P], R]) –

Return type

Callable[P, R]

Important

pcapkit.utilities.decorators.seekset() and pcapkit.utilities.decorators.beholder() are designed for decorating class methods.

User Defined Exceptions

pcapkit.exceptions refined built-in exceptions. Make it possible to show only user error stack infomation *, when exception raised on user’s operation.

exception pcapkit.utilities.exceptions.BaseError(*args, quiet=False, **kwargs)

Bases: Exception

Base error class of all kinds.

Important

• Turn off system-default traceback function by set sys.tracebacklimit to 0.

• But bugs appear in Python 3.6, so we have to set sys.tracebacklimit to None.

  Note

  This note is deprecated since Python fixed the problem above.

• In Python 2.7, trace.print_stack(limit)() dose not support negative limit.

See also

pcapkit.utilities.exceptions.stacklevel()

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

__init__(*args, quiet=False, **kwargs)

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.BoolError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be bool type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.BytearrayError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be bytearray type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.BytesError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be bytes type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.CallableError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be callable.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ComparisonError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

Rich comparison not supported between instances.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ComplexError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The function is not defined for complex instance.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.DictError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be dict type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.DigitError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be (a) number(s).

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.EndianError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ValueError

Invalid endian (byte order).

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.EnumError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be enumeration protocol type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.FileError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, OSError

[Errno 5] Wrong file format.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.FileExists(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, FileExistsError

[Errno 17] File already exists.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.FileNotFound(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, FileNotFoundError

[Errno 2] File not found.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.FormatError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, AttributeError

Unknown format(s).

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.FragmentError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, KeyError

Invalid fragment dict.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.IOObjError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be file-like object.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.IPError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be IP address.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.IndexNotFound(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ValueError

Protocol not in ProtoChain.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.InfoError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be Info instance.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.IntError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be integral.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.IterableError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be iterable.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.KeyExists(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ValueError

Key already exists.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ListError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be list type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.MissingKeyError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, KeyError

Key not found.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ModuleNotFound(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ModuleNotFoundError

Module not found.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.PacketError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, KeyError

Invalid packet dict.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ProtocolError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ValueError

Invalid protocol format.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ProtocolNotFound(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, IndexError

Protocol not found in ProtoChain.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ProtocolNotImplemented(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, NotImplementedError

Protocol not implemented.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.ProtocolUnbound(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

Protocol slice unbound.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.RealError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The function is not defined for real number.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.RegistryError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be registry type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.StringError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be str type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.StructError(*args, eof=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, struct.error

Unpack failed.

Parameters

• args (Any) –

• eof (bool) –

• kwargs (Any) –

Return type

None

__init__(*args, eof=False, **kwargs)

Parameters

• args (Any) –

• eof (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.TupleError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, TypeError

The argument(s) must be tuple type.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.UnsupportedCall(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, AttributeError

Unsupported function or property call.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.VendorNotImplemented(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, NotImplementedError

Vendor not implemented.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.exceptions.VersionError(*args, quiet=False, **kwargs)

Bases: pcapkit.utilities.exceptions.BaseError, ValueError

Unknown IP version.

Parameters

• args (Any) –

• quiet (bool) –

• kwargs (Any) –

Return type

None

pcapkit.utilities.exceptions.stacklevel()

Fetch current stack level.

The function will walk through the straceback stack (traceback.extract_stack()), and fetch the stack level where the path contains /pcapkit/. So that it won’t display any disturbing internal traceback information when raising errors.

Returns

Stack level until internal stacks, i.e. contains /pcapkit/.

Return type

int

---

*

See tbtrim project for a modern Pythonic implementation.

Logging System

pcapkit.utilities.logging contains naïve integration of the Python logging system, i.e. a logging.Logger instance as logger.

pcapkit.utilities.logging.logger = <Logger pcapkit (INFO)>

Logger instance named after pcapkit.

Type

logging.Logger

Validation Utilities

pcapkit.utilities.validations contains functions to validate arguments for functions and classes. It was first used in PyNTLib as validators.

User Defined Warnings

pcapkit.warnings refined built-in warnings.

exception pcapkit.utilities.warnings.AttributeWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Unsupported attribute.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.BaseWarning(*args, **kwargs)

Bases: UserWarning

Base warning class of all kinds.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

__init__(*args, **kwargs)

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.DPKTWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ResourceWarning

Warnings on DPKT usage.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.DevModeWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Run in development mode.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.EngineWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ImportWarning

Unsupported extraction engine.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.FileWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Warning on file(s).

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.FormatWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ImportWarning

Warning on unknown format(s).

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.InvalidVendorWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ImportWarning

Vendor CLI invalid updater.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.LayerWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Unrecognised layer.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.ProtocolWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Unrecognised protocol.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.PySharkWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ResourceWarning

Warnings on PyShark usage.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.ScapyWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, ResourceWarning

Warnings on Scapy usage.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.VendorRequestWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Vendor request connection failed.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

exception pcapkit.utilities.warnings.VendorRuntimeWarning(*args, **kwargs)

Bases: pcapkit.utilities.warnings.BaseWarning, RuntimeWarning

Vendor failed during runtime.

Parameters

• args (Any) –

• kwargs (Any) –

Return type

None

pcapkit.utilities.warnings.warn(message, category, stacklevel=None)

Wrapper function of warnings.warn().

Parameters

• message (Union[str, Warning]) – Warning message.

• category (Type[Warning]) – Warning category.

• stacklevel (Optional[int]) – Warning stack level.

Return type

None

Constant Enumerations

ARP Constant Enumerations

ARP Hardware Types *

class pcapkit.const.arp.hardware.Hardware(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: aenum.IntEnum

[Hardware] Hardware Types [RFC 826][RFC 5494]

classmethod _missing_(value)

Lookup function used when value is not found.

Parameters

value (int) –

Return type

pcapkit.const.arp.hardware.Hardware

static get(key, default=- 1)

Backport support for original codes.

Parameters

• key (int | str) –

• default (int) –

Return type

Hardware

AEthernet = 257

AEthernet [Geoffroy Gramaize]

ARCNET = 7

ARCNET [RFC 1201]

ARPSec = 30

ARPSec [Jerome Etienne]

Amateur_Radio_AX_25 = 3

Amateur Radio AX.25 [Philip Koch]

Asynchronous_Transmission_Mode_16 = 16

Asynchronous Transmission Mode (ATM) [JXB2]

Asynchronous_Transmission_Mode_19 = 19

Asynchronous Transmission Mode (ATM) [RFC 2225]

Asynchronous_Transmission_Mode_21 = 21

Asynchronous Transmission Mode (ATM) [Mike Burrows]

Autonet_Short_Address = 10

Autonet Short Address [Mike Burrows]

Chaos = 5

Chaos [Gill Pratt]

EUI_64 = 27

EUI-64 [Kenji Fujisawa]

Ethernet = 1

Ethernet (10Mb) [Jon Postel]

Experimental_Ethernet = 2

Experimental Ethernet (3Mb) [Jon Postel]

Fibre_Channel = 18

Fibre Channel [RFC 4338]

Frame_Relay = 15

Frame Relay [Andy Malis]

HDLC = 17

HDLC [Jon Postel]

HFI = 37

HFI [Tseng-Hui Lin]

HIPARP = 28

HIPARP [Jean Michel Pittet]

HW_EXP1 = 36

HW_EXP1 [RFC 5494]

HW_EXP2 = 256

HW_EXP2 [RFC 5494]

Hyperchannel = 8

Hyperchannel [Jon Postel]

IEEE_1394_1995 = 24

IEEE 1394.1995 [Myron Hattig]

IEEE_802_Networks = 6

IEEE 802 Networks [Jon Postel]

IP_and_ARP_over_ISO_7816_3 = 29

IP and ARP over ISO 7816-3 [Scott Guthery]

IPsec_tunnel = 31

IPsec tunnel [RFC 3456]

InfiniBand = 32

InfiniBand (TM) [RFC 4391]

Lanstar = 9

Lanstar [Tom Unger]

LocalNet = 12

LocalNet (IBM PCNet or SYTEK LocalNET) [Joseph Murdock]

LocalTalk = 11

LocalTalk [Joyce K Reynolds]

MAPOS = 25

MAPOS [Mitsuru Maruyama][RFC 2176]

MIL_STD_188_220 = 22

MIL-STD-188-220 [Herb Jensen]

Metricom = 23

Metricom [Jonathan Stone]

Proteon_ProNET_Token_Ring = 4

Proteon ProNET Token Ring [Avri Doria]

Pure_IP = 35

Pure IP [Inaky Perez-Gonzalez]

Reserved_0 = 0

Reserved [RFC 5494]

Reserved_65535 = 65535

Reserved [RFC 5494]

SMDS = 14

SMDS [George Clapp]

Serial_Line = 20

Serial Line [Jon Postel]

TIA_102_Project_25_Common_Air_Interface = 33

TIA-102 Project 25 Common Air Interface (CAI) [Jeff Anderson, Telecommunications Industry of America (TIA) TR-8.5 Formulating Group, <cja015&motorola.com>, June 2004]

Twinaxial = 26

Twinaxial [Marion Pitts]

Ultra_link = 13

Ultra link [Rajiv Dhingra]

Wiegand_Interface = 34

Wiegand Interface [Scott Guthery 2]

Operation Codes †

class pcapkit.const.arp.operation.Operation(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: aenum.IntEnum

[Operation] Operation Codes [RFC 826][RFC 5494]

classmethod _missing_(value)

Lookup function used when value is not found.

Parameters

value (int) –

Return type

pcapkit.const.arp.operation.Operation

static get(key, default=- 1)

Backport support for original codes.

Parameters

• key (int | str) –

• default (int) –

Return type

Operation

ARP_NAK = 10

ARP-NAK [RFC 1577]

DRARP_Error = 7

DRARP-Error [RFC 1931]

DRARP_Reply = 6

DRARP-Reply [RFC 1931]

DRARP_Request = 5

DRARP-Request [RFC 1931]

InARP_Reply = 9

InARP-Reply [RFC 2390]

InARP_Request = 8

InARP-Request [RFC 2390]

MAPOS_UNARP = 23

MAPOS-UNARP [Mitsuru Maruyama][RFC 2176]

MARS_Grouplist_Reply = 21

MARS-Grouplist-Reply [Grenville Armitage]

MARS_Grouplist_Request = 20

MARS-Grouplist-Request [Grenville Armitage]

MARS_Join = 14

MARS-Join [Grenville Armitage]

MARS_Leave = 15

MARS-Leave [Grenville Armitage]

MARS_MServ = 13

MARS-MServ [Grenville Armitage]

MARS_Multi = 12

MARS-Multi [Grenville Armitage]

MARS_NAK = 16

MARS-NAK [Grenville Armitage]

MARS_Redirect_Map = 22

MARS-Redirect-Map [Grenville Armitage]

MARS_Request = 11

MARS-Request [Grenville Armitage]

MARS_SJoin = 18

MARS-SJoin [Grenville Armitage]

MARS_SLeave = 19

MARS-SLeave [Grenville Armitage]

MARS_Unserv = 17

MARS-Unserv [Grenville Armitage]

OP_EXP1 = 24

OP_EXP1 [RFC 5494]

OP_EXP2 = 25

OP_EXP2 [RFC 5494]

REPLY = 2

REPLY [RFC 826][RFC 5227]

REQUEST = 1

REQUEST [RFC 826][RFC 5227]

Reserved_0 = 0

Reserved [RFC 5494]

Reserved_65535 = 65535

Reserved [RFC 5494]

reply_Reverse = 4

reply Reverse [RFC 903]

request_Reverse = 3

request Reverse [RFC 903]

---

*

https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-2

†

https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-1

FTP Constant Enumerations

FTP Commands *

FTP Return Codes †

---

*

https://www.iana.org/assignments/ftp-commands-extensions/ftp-commands-extensions.xhtml#ftp-commands-extensions-2

†

https://en.wikipedia.org/wiki/List_of_FTP_server_return_codes

HIP Constant Enumerations

HIP Certificate Types *

HIP Cipher IDs †

DI-Types ‡

ECDSA Curve Label §

ECDSA_LOW Curve Label ¶

ESP Transform Suite IDs #

Group IDs ♠

HI Algorithm ♥

HIT Suite ID ♦

HIP NAT Traversal Modes ♣

Notify Message Types **

Packet Types ††

Parameter Types ‡‡

Registration Types §§

Registration Failure Types ¶¶

Suite IDs ##

HIP Transport Modes ♠♠

---

*

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#certificate-types

†

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-cipher-id

‡

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-7

§

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#ecdsa-curve-label

¶

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#ecdsa-low-curve-label

#

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#esp-transform-suite-ids

♠

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-5

♥

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hi-algorithm

♦

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hit-suite-id

♣

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#nat-traversal

**

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-9

††

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-1

‡‡

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-4

§§

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-11

¶¶

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-13

##

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-6

♠♠

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#transport-modes

HTTP Constant Enumerations

HTTP/2 Error Code *

HTTP/2 Frame Type †

HTTP/2 Settings ‡

---

*

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#error-code

†

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#frame-type

‡

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings

IPv4 Constant Enumerations

Classification Level Encodings

Option Classes

IP Option Numbers *

Protection Authority Bit Assignments

QS Functions

IPv4 Router Alert Option Values †

ToS (DS Field) Delay

ToS ECN Field

ToS (DS Field) Precedence

ToS (DS Field) Reliability

ToS (DS Field) Throughput

---

*

https://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ip-parameters-1

†

https://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ipv4-router-alert-option-values

IPv6 Constant Enumerations

IPv6 Extension Header Types *

Destination Options and Hop-by-Hop Options †

IPv6 QS Functions

IPv6 Router Alert Option Values ‡

Routing Types §

Seed-ID Types

TaggerId Types ¶

---

*

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#extension-header

†

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2

‡

https://www.iana.org/assignments/ipv6-routeralert-values/ipv6-routeralert-values.xhtml#ipv6-routeralert-values-1

§

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-3

¶

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#taggerId-types

IPX Constant Enumerations

IPX Packet Types *

IPX Socket Types †

---

*

https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange#IPX_packet_structure

†

https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange#Socket_number

MH Constant Enumerations

Mobility Header Types *

---

*

https://www.iana.org/assignments/mobility-parameters/mobility-parameters.xhtml#mobility-parameters-1

OSPF Constant Enumerations

Authentication Codes *

OSPF Packet Type †

---

*

https://www.iana.org/assignments/ospf-authentication-codes/ospf-authentication-codes.xhtml#authentication-codes

†

https://www.iana.org/assignments/ospfv2-parameters/ospfv2-parameters.xhtml#ospfv2-parameters-3

Protocol Type Registry Constant Enumerations

LINK-LAYER HEADER TYPES *

class pcapkit.const.reg.linktype.LinkType(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: aenum.IntEnum

[LinkType] Link-Layer Header Type Values

classmethod _missing_(value)

Lookup function used when value is not found.

Parameters

value (int) –

Return type

pcapkit.const.reg.linktype.LinkType

static get(key, default=- 1)

Backport support for original codes.

Parameters

• key (int | str) –

• default (int) –

Return type

LinkType

APPLE_IP_OVER_IEEE1394 = 138

[DLT_APPLE_IP_OVER_IEEE1394] Apple IP-over-IEEE 1394 cooked header.

ARCNET_BSD = 7

[DLT_ARCNET] ARCNET Data Packets, as described by the ARCNET Trade Association standard ATA 878.1-1999, but without the Starting Delimiter, Information Length, or Frame Check Sequence fields, and with only the first ISU of the Destination Identifier. For most packet types, ARCNET Trade Association draft standard ATA 878.2 is also used. See also RFC 1051 and RFC 1201; for RFC 1051 frames, ATA 878.2 is not used.

ARCNET_LINUX = 129

[DLT_ARCNET_LINUX] ARCNET Data Packets, as described by the ARCNET Trade Association standard ATA 878.1-1999, but without the Starting Delimiter, Information Length, or Frame Check Sequence fields, with only the first ISU of the Destination Identifier, and with an extra two-ISU offset field following the Destination Identifier. For most packet types, ARCNET Trade Association draft standard ATA 878.2 is also used; however, no exception frames are supplied, and reassembled frames, rather than fragments, are supplied. See also RFC 1051 and RFC 1201; for RFC 1051 frames, ATA 878.2 is not used.

ATM_RFC1483 = 100

[DLT_ATM_RFC1483] RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an ISO 8802-2 (formerly known as IEEE 802.2) LLC header.

ATSC_ALP = 289

[DLT_ATSC_ALP] ATSC Link-Layer Protocol frames, as described in section 5 of the A/330 Link-Layer Protocol specification, found at the ATSC 3.0 standards page, beginning with a Base Header.

AX25 = 3

[DLT_AX25] AX.25 packet, with nothing preceding it.

AX25_KISS = 202

[DLT_AX25_KISS] AX.25 packet, with a 1-byte KISS header containing a type indicator.

BACNET_MS_TP = 165

[DLT_BACNET_MS_TP] BACnet MS/TP frames, as specified by section 9.3 MS/TP Frame Format of ANSI/ASHRAE Standard 135, BACnet® - A Data Communication Protocol for Building Automation and Control Networks, including the preamble and, if present, the Data CRC.

BLUETOOTH_BREDR_BB = 255

[DLT_BLUETOOTH_BREDR_BB] Bluetooth Basic Rate and Enhanced Data Rate baseband packets.

BLUETOOTH_HCI_H4 = 187

[DLT_BLUETOOTH_HCI_H4] Bluetooth HCI UART transport layer; the frame contains an HCI packet indicator byte, as specified by the UART Transport Layer portion of the most recent Bluetooth Core specification, followed by an HCI packet of the specified packet type, as specified by the Host Controller Interface Functional Specification portion of the most recent Bluetooth Core Specification.

BLUETOOTH_HCI_H4_WITH_PHDR = 201

[DLT_BLUETOOTH_HCI_H4_WITH_PHDR] Bluetooth HCI UART transport layer; the frame contains a 4-byte direction field, in network byte order (big-endian), the low-order bit of which is set if the frame was sent from the host to the controller and clear if the frame was received by the host from the controller, followed by an HCI packet indicator byte, as specified by the UART Transport Layer portion of the most recent Bluetooth Core specification, followed by an HCI packet of the specified packet type, as specified by the Host Controller Interface Functional Specification portion of the most recent Bluetooth Core Specification.

BLUETOOTH_LE_LL = 251

[DLT_BLUETOOTH_LE_LL] Bluetooth Low Energy air interface Link Layer packets, in the format described in section 2.1 “PACKET FORMAT” of volume 6 of the Bluetooth Specification Version 4.0 (see PDF page 2200), but without the Preamble.

BLUETOOTH_LE_LL_WITH_PHDR = 256

[DLT_BLUETOOTH_LE_LL_WITH_PHDR] Bluetooth Low Energy link-layer packets.

BLUETOOTH_LINUX_MONITOR = 254

[DLT_BLUETOOTH_LINUX_MONITOR] Bluetooth Linux Monitor encapsulation of traffic for the BlueZ stack.

CAN_SOCKETCAN = 227

[DLT_CAN_SOCKETCAN] CAN (Controller Area Network) frames, with a pseudo- header followed by the frame payload.

C_HDLC = 104

[DLT_C_HDLC] Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547.

C_HDLC_WITH_DIR = 205

[DLT_C_HDLC_WITH_DIR] Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547, preceded with a one-byte pseudo-header with a zero value meaning “received by this host” and a non-zero value meaning “sent by this host”.

DBUS = 231

[DLT_DBUS] Raw D-Bus messages, starting with the endianness flag, followed by the message type, etc., but without the authentication handshake before the message sequence.

DISPLAYPORT_AUX = 275

[DLT_DISPLAYPORT_AUX] DisplayPort AUX channel monitoring data as specified by VESA DisplayPort (DP) Standard preceded by a pseudo-header.

DOCSIS = 143

[DLT_DOCSIS] DOCSIS MAC frames, as described by the DOCSIS 3.1 MAC and Upper Layer Protocols Interface Specification or earlier specifications for MAC frames.

DOCSIS31_XRA31 = 273

[DLT_DOCSIS31_XRA31] DOCSIS packets and bursts, preceded by a pseudo- header giving metadata about the packet.

DSA_TAG_BRCM = 281

[DLT_DSA_TAG_BRCM] Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header.

DSA_TAG_BRCM_PREPEND = 282

[DLT_DSA_TAG_BRCM_PREPEND] Ethernet frames, with a switch tag inserted before the destination address in the Ethernet header.

DSA_TAG_DSA = 284

[DLT_DSA_TAG_DSA] Ethernet frames, with a switch tag inserted between the source address field and the type/length field in the Ethernet header.

DSA_TAG_EDSA = 285

[DLT_DSA_TAG_EDSA] Ethernet frames, with a programmable Ethernet type switch tag inserted between the source address field and the type/length field in the Ethernet header.

DVB_CI = 235

[DLT_DVB_CI] DVB-CI (DVB Common Interface for communication between a PC Card module and a DVB receiver), with the message format specified by the PCAP format for DVB-CI specification.

EBHSCR = 279

[DLT_EBHSCR] Elektrobit High Speed Capture and Replay (EBHSCR) format.

ELEE = 286

[DLT_ELEE] Payload of lawful intercept packets using the ELEE protocol. The packet begins with the ELEE header; it does not include any transport- layer or lower-layer headers for protcols used to transport ELEE packets.

EPON = 259

[DLT_EPON] Ethernet-over-passive-optical-network packets, starting with the last 6 octets of the modified preamble as specified by 65.1.3.2 “Transmit” in Clause 65 of Section 5 of IEEE 802.3, followed immediately by an Ethernet frame.

ERF = 197

[DLT_ERF] Various link-layer types, with a pseudo-header, for Endace DAG cards; encapsulates Endace ERF records.

ETHERNET = 1

[DLT_EN10MB] IEEE 802.3 Ethernet (10Mb, 100Mb, 1000Mb, and up); the 10MB in the DLT_ name is historical.

ETHERNET_MPACKET = 274

[DLT_ETHERNET_MPACKET] mPackets, as specified by IEEE 802.3br Figure 99-4, starting with the preamble and always ending with a CRC field.

ETW = 290

[DLT_ETW] Event Tracing for Windows messages, beginning with a pseudo- header.

FC_2 = 224

[DLT_FC_2] Fibre Channel FC-2 frames, beginning with a Frame_Header.

FC_2_WITH_FRAME_DELIMS = 225

[DLT_FC_2_WITH_FRAME_DELIMS] Fibre Channel FC-2 frames, beginning an encoding of the SOF, followed by a Frame_Header, and ending with an encoding of the SOF. The encodings represent the frame delimiters as 4-byte sequences representing the corresponding ordered sets, with K28.5 represented as 0xBC, and the D symbols as the corresponding byte values; for example, SOFi2, which is K28.5 - D21.5 - D1.2 - D21.2, is represented as 0xBC 0xB5 0x55 0x55.

FDDI = 10

[DLT_FDDI] FDDI, as specified by ANSI INCITS 239-1994.

FLEXRAY = 210

[DLT_FLEXRAY] FlexRay automotive bus frames or symbols, preceded by a pseudo-header.

FRELAY = 107

[DLT_FRELAY] Frame Relay LAPF frames, beginning with a ITU-T Recommendation Q.922 LAPF header starting with the address field, and without an FCS at the end of the frame.

FRELAY_WITH_DIR = 206

[DLT_FRELAY_WITH_DIR] Frame Relay LAPF frames, beginning with a one-byte pseudo-header with a zero value meaning “received by this host” (DCE->DTE) and a non-zero value meaning “sent by this host” (DTE->DCE), followed by an ITU-T Recommendation Q.922 LAPF header starting with the address field, and without an FCS at the end of the frame.

GPF_F = 171

[DLT_GPF_F] Frame-mapped generic framing procedure, as specified by ITU-T Recommendation G.7041/Y.1303.

GPF_T = 170

[DLT_GPF_T] Transparent-mapped generic framing procedure, as specified by ITU-T Recommendation G.7041/Y.1303.

GPRS_LLC = 169

[DLT_GPRS_LLC] General Packet Radio Service Logical Link Control, as defined by 3GPP TS 04.64.

IEEE802_11 = 105

[DLT_IEEE802_11] IEEE 802.11 wireless LAN.

IEEE802_11_AVS = 163

[DLT_IEEE802_11_RADIO_AVS] AVS monitor mode information followed by an 802.11 header.

IEEE802_11_PRISM = 119

[DLT_PRISM_HEADER] Prism monitor mode information followed by an 802.11 header.

IEEE802_11_RADIOTAP = 127

[DLT_IEEE802_11_RADIO] Radiotap link-layer information followed by an 802.11 header.

IEEE802_15_4_NOFCS = 230

[DLT_IEEE802_15_4_NOFCS] IEEE 802.15.4 Low-Rate Wireless Network, without the FCS at the end of the frame.

IEEE802_15_4_NONASK_PHY = 215

[DLT_IEEE802_15_4_NONASK_PHY] IEEE 802.15.4 Low-Rate Wireless Networks, with each packet having the FCS at the end of the frame, and with the PHY- level data for the O-QPSK, BPSK, GFSK, MSK, and RCC DSS BPSK PHYs (4 octets of 0 as preamble, one octet of SFD, one octet of frame length + reserved bit) preceding the MAC-layer data (starting with the frame control field).

IEEE802_15_4_TAP = 283

[DLT_IEEE802_15_4_TAP] IEEE 802.15.4 Low-Rate Wireless Networks, with a pseudo-header containing TLVs with metadata preceding the 802.15.4 header.

IEEE802_15_4_WITHFCS = 195

[DLT_IEEE802_15_4_WITHFCS] IEEE 802.15.4 Low-Rate Wireless Networks, with each packet having the FCS at the end of the frame.

IEEE802_5 = 6

[DLT_IEEE802] IEEE 802.5 Token Ring; the IEEE802, without _5, in the DLT_ name is historical.

INFINIBAND = 247

[DLT_INFINIBAND] Raw InfiniBand frames, starting with the Local Routing Header, as specified in Chapter 5 “Data packet format” of InfiniBand™ Architectural Specification Release 1.2.1 Volume 1 - General Specifications.

IPMB_LINUX = 209

[DLT_IPMB_LINUX] IPMB over an I2C circuit, with a Linux-specific pseudo- header.

IPMI_HPM_2 = 260

[DLT_IPMI_HPM_2] IPMI trace packets, as specified by Table 3-20 “Trace Data Block Format” in the PICMG HPM.2 specification. The time stamps for packets in this format must match the time stamps in the Trace Data Blocks.

IPNET = 226

[DLT_IPNET] Solaris ipnet pseudo-header, followed by an IPv4 or IPv6 datagram.

IPOIB = 242

[DLT_IPOIB] IP-over-InfiniBand, as specified by RFC 4391 section 6.

IPV4 = 228

[DLT_IPV4] Raw IPv4; the packet begins with an IPv4 header.

IPV6 = 229

[DLT_IPV6] Raw IPv6; the packet begins with an IPv6 header.

IP_OVER_FC = 122

[DLT_IP_OVER_FC] RFC 2625 IP-over-Fibre Channel, with the link-layer header being the Network_Header as described in that RFC.

ISO_14443 = 264

[DLT_ISO_14443] Messages between ISO 14443 contactless smartcards (Proximity Integrated Circuit Card, PICC) and card readers (Proximity Coupling Device, PCD), with the message format specified by the PCAP format for ISO14443 specification.

LAPB_WITH_DIR = 207

[DLT_LAPB_WITH_DIR] Link Access Procedure, Balanced (LAPB), as specified by ITU-T Recommendation X.25, preceded with a one-byte pseudo-header with a zero value meaning “received by this host” (DCE->DTE) and a non-zero value meaning “sent by this host” (DTE->DCE).

LAPD = 203

[DLT_LAPD] Link Access Procedures on the D Channel (LAPD) frames, as specified by ITU-T Recommendation Q.920 and ITU-T Recommendation Q.921, starting with the address field, with no pseudo-header.

LIN = 212

[DLT_LIN] Local Interconnect Network (LIN) automotive bus, preceded by a pseudo-header.

LINUX_IRDA = 144

[DLT_LINUX_IRDA] Linux-IrDA packets, with a LINKTYPE_LINUX_IRDA header, with the payload for IrDA frames beginning with by the IrLAP header as defined by IrDA Data Specifications, including the IrDA Link Access Protocol specification.

LINUX_LAPD = 177

[DLT_LINUX_LAPD] Link Access Procedures on the D Channel (LAPD) frames, as specified by ITU-T Recommendation Q.920 and ITU-T Recommendation Q.921, captured via vISDN, with a LINKTYPE_LINUX_LAPD header, followed by the Q.921 frame, starting with the address field.

LINUX_SLL = 113

[DLT_LINUX_SLL] Linux “cooked” capture encapsulation.

LINUX_SLL2 = 276

[DLT_LINUX_SLL2] Linux “cooked” capture encapsulation v2.

LOOP = 108

[DLT_LOOP] OpenBSD loopback encapsulation; the link-layer header is a 4-byte field, in network byte order, containing a value of 2 for IPv4 packets, a value of either 24, 28, or 30 for IPv6 packets, a value of 7 for OSI packets, or a value of 23 for IPX packets. All of the IPv6 values correspond to IPv6 packets; code reading files should check for all of them.

LORATAP = 270

[DLT_LORATAP] LoRaTap pseudo-header, followed by the payload, which is typically the PHYPayload from the LoRaWan specification.

LTALK = 114

[DLT_LTALK] Apple LocalTalk; the packet begins with an AppleTalk LocalTalk Link Access Protocol header, as described in chapter 1 of Inside AppleTalk, Second Edition.

MFR = 182

[DLT_MFR] FRF.16.1 Multi-Link Frame Relay frames, beginning with an FRF.12 Interface fragmentation format fragmentation header.

MPEG_2_TS = 243

[DLT_MPEG_2_TS] MPEG-2 Transport Stream transport packets, as specified by ISO 13818-1/ITU-T Recommendation H.222.0 (see table 2-2 of section 2.4.3.2 “Transport Stream packet layer”).

MTP2 = 140

[DLT_MTP2] Signaling System 7 Message Transfer Part Level 2, as specified by ITU-T Recommendation Q.703.

MTP2_WITH_PHDR = 139

[DLT_MTP2_WITH_PHDR] Signaling System 7 Message Transfer Part Level 2, as specified by ITU-T Recommendation Q.703, preceded by a pseudo-header.

MTP3 = 141

[DLT_MTP3] Signaling System 7 Message Transfer Part Level 3, as specified by ITU-T Recommendation Q.704, with no MTP2 header preceding the MTP3 packet.

MUX27010 = 236

[DLT_MUX27010] Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but not the same as, 27.010).

NETANALYZER = 240

[DLT_NETANALYZER] Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the MAC header and ending with the FCS.

NETANALYZER_TRANSPARENT = 241

[DLT_NETANALYZER_TRANSPARENT] Pseudo-header for Hilscher Gesellschaft für Systemautomation mbH netANALYZER devices, followed by an Ethernet frame, beginning with the preamble, SFD, and MAC header, and ending with the FCS.

NETLINK = 253

[DLT_NETLINK] Linux Netlink capture encapsulation.

NFC_LLCP = 245

[DLT_NFC_LLCP] Pseudo-header for NFC LLCP packet captures, followed by frame data for the LLCP Protocol as specified by NFCForum-TS-LLCP_1.1.

NFLOG = 239

[DLT_NFLOG] Linux netlink NETLINK NFLOG socket log messages.

NG40 = 244

[DLT_NG40] Pseudo-header for ng4T GmbH’s UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as used by their ng40 protocol tester, followed by frames for the Frame Protocol as specified by 3GPP TS 25.427 for dedicated channels and 3GPP TS 25.435 for common/shared channels in the case of ATM AAL2 or UDP traffic, by SSCOP packets as specified by ITU-T Recommendation Q.2110 for ATM AAL5 traffic, and by NBAP packets for SCTP traffic.

NORDIC_BLE = 272

[DLT_NORDIC_BLE] Messages to and from a Nordic Semiconductor nRF Sniffer for Bluetooth LE packets, beginning with a pseudo-header.

NULL = 0

[DLT_NULL] BSD loopback encapsulation; the link layer header is a 4-byte field, in host byte order, containing a value of 2 for IPv4 packets, a value of either 24, 28, or 30 for IPv6 packets, a value of 7 for OSI packets, or a value of 23 for IPX packets. All of the IPv6 values correspond to IPv6 packets; code reading files should check for all of them. Note that ``host byte order’’ is the byte order of the machine on that the packets are captured; if a live capture is being done, ``host byte order’’ is the byte order of the machine capturing the packets, but if a ``savefile’’ is being read, the byte order is not necessarily that of the machine reading the capture file.

OPENVIZSLA = 278

[DLT_OPENVIZSLA] Openvizsla FPGA-based USB sniffer.

PFLOG = 117

[DLT_PFLOG] OpenBSD pflog; the link-layer header contains a struct pfloghdr structure, as defined by the host on that the file was saved. (This differs from operating system to operating system and release to release; there is nothing in the file to indicate what the layout of that structure is.)

PKTAP = 258

[DLT_PKTAP] Apple PKTAP capture encapsulation.

PPI = 192

[DLT_PPI] Per-Packet Information information, as specified by the Per- Packet Information Header Specification, followed by a packet with the LINKTYPE_ value specified by the pph_dlt field of that header.

PPP = 9

[DLT_PPP] PPP, as per RFC 1661 and RFC 1662; if the first 2 bytes are 0xff and 0x03, it’s PPP in HDLC-like framing, with the PPP header following those two bytes, otherwise it’s PPP without framing, and the packet begins with the PPP header. The data in the frame is not octet-stuffed or bit- stuffed.

PPP_ETHER = 51

[DLT_PPP_ETHER] PPPoE; the packet begins with a PPPoE header, as per RFC 2516.

PPP_HDLC = 50

[DLT_PPP_SERIAL] PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547; the first byte will be 0xFF for PPP in HDLC-like framing, and will be 0x0F or 0x8F for Cisco PPP with HDLC framing. The data in the frame is not octet-stuffed or bit- stuffed.

PPP_PPPD = 166

[DLT_PPP_PPPD] PPP in HDLC-like encapsulation, like LINKTYPE_PPP_HDLC, but with the 0xff address byte replaced by a direction indication—0x00 for incoming and 0x01 for outgoing.

PPP_WITH_DIR = 204

[DLT_PPP_WITH_DIR] PPP, as per RFC 1661 and RFC 1662, preceded with a one-byte pseudo-header with a zero value meaning “received by this host” and a non-zero value meaning “sent by this host”; if the first 2 bytes are 0xff and 0x03, it’s PPP in HDLC-like framing, with the PPP header following those two bytes, otherwise it’s PPP without framing, and the packet begins with the PPP header. The data in the frame is not octet-stuffed or bit-stuffed.

PROFIBUS_DL = 257

[DLT_PROFIBUS_DL] PROFIBUS data link layer packets, as specified by IEC standard 61158-4-3, beginning with the start delimiter, ending with the end delimiter, and including all octets between them.

RAW = 101

[DLT_RAW] Raw IP; the packet begins with an IPv4 or IPv6 header, with the version field of the header indicating whether it’s an IPv4 or IPv6 header.

RDS = 265

[DLT_RDS] Radio data system (RDS) groups, as per IEC 62106, encapsulated in this form.

RTAC_SERIAL = 250

[DLT_RTAC_SERIAL] Serial-line packet header for the Schweitzer Engineering Laboratories “RTAC” product, followed by a payload for one of a number of industrial control protocols.

SCCP = 142

[DLT_SCCP] Signaling System 7 Signalling Connection Control Part, as specified by ITU-T Recommendation Q.711, ITU-T Recommendation Q.712, ITU-T Recommendation Q.713, and ITU-T Recommendation Q.714, with no MTP3 or MTP2 headers preceding the SCCP packet.

SCTP = 248

[DLT_SCTP] SCTP packets, as defined by RFC 4960, with no lower-level protocols such as IPv4 or IPv6.

SDLC = 268

[DLT_SDLC] SDLC packets, as specified by Chapter 1, “DLC Links”, section “Synchronous Data Link Control (SDLC)” of Systems Network Architecture Formats, GA27-3136-20, without the flag fields, zero-bit insertion, or Frame Check Sequence field, containing SNA path information units (PIUs) as the payload.

SITA = 196

[DLT_SITA] Various link-layer types, with a pseudo-header, for SITA.

SLIP = 8

[DLT_SLIP] SLIP, encapsulated with a LINKTYPE_SLIP header.

STANAG_5066_D_PDU = 237

[DLT_STANAG_5066_D_PDU] D_PDUs as described by NATO standard STANAG 5066, starting with the synchronization sequence, and including both header and data CRCs. The current version of STANAG 5066 is backwards-compatible with the 1.0.2 version, although newer versions are classified.

SUNATM = 123

[DLT_SUNATM] ATM traffic, encapsulated as per the scheme used by SunATM devices.

USBPCAP = 249

[DLT_USBPCAP] USB packets, beginning with a USBPcap header.

USB_2_0 = 288

[DLT_USB_2_0] USB 2.0, 1.1, or 1.0 packet, beginning with a PID, as described by Chapter 8 “Protocol Layer” of the the Universal Serial Bus Specification Revision 2.0.

USB_DARWIN = 266

[DLT_USB_DARWIN] USB packets, beginning with a Darwin (macOS, etc.) USB header.

USB_LINUX = 189

[DLT_USB_LINUX] USB packets, beginning with a Linux USB header, as specified by the struct usbmon_packet in the Documentation/usb/usbmon.txt file in the Linux source tree. Only the first 48 bytes of that header are present. All fields in the header are in host byte order. When performing a live capture, the host byte order is the byte order of the machine on that the packets are captured. When reading a pcap file, the byte order is the byte order for the file, as specified by the file’s magic number; when reading a pcapng file, the byte order is the byte order for the section of the pcapng file, as specified by the Section Header Block.

USB_LINUX_MMAPPED = 220

[DLT_USB_LINUX_MMAPPED] USB packets, beginning with a Linux USB header, as specified by the struct usbmon_packet in the Documentation/usb/usbmon.txt file in the Linux source tree. All 64 bytes of the header are present. All fields in the header are in host byte order. When performing a live capture, the host byte order is the byte order of the machine on that the packets are captured. When reading a pcap file, the byte order is the byte order for the file, as specified by the file’s magic number; when reading a pcapng file, the byte order is the byte order for the section of the pcapng file, as specified by the Section Header Block. For isochronous transfers, the ndesc field specifies the number of isochronous descriptors that follow.

USER0 = 147

[DLT_USER0] Reserved for private use; see above.

USER1 = 148

[DLT_USER1] Reserved for private use; see above.

USER10 = 157

[DLT_USER10] Reserved for private use; see above.

USER11 = 158

[DLT_USER11] Reserved for private use; see above.

USER12 = 159

[DLT_USER12] Reserved for private use; see above.

USER13 = 160

[DLT_USER13] Reserved for private use; see above.

USER14 = 161

[DLT_USER14] Reserved for private use; see above.

USER15 = 162

[DLT_USER15] Reserved for private use; see above.

USER2 = 149

[DLT_USER2] Reserved for private use; see above.

USER3 = 150

[DLT_USER3] Reserved for private use; see above.

USER4 = 151

[DLT_USER4] Reserved for private use; see above.

USER5 = 152

[DLT_USER5] Reserved for private use; see above.

USER6 = 153

[DLT_USER6] Reserved for private use; see above.

USER7 = 154

[DLT_USER7] Reserved for private use; see above.

USER8 = 155

[DLT_USER8] Reserved for private use; see above.

USER9 = 156

[DLT_USER9] Reserved for private use; see above.

VPP_DISPATCH = 280

//fd.io VPP graph dispatch tracer, in the the graph dispatcher trace format.

Type

[DLT_VPP_DISPATCH] Records in traces from the http

VSOCK = 271

[DLT_VSOCK] Protocol for communication between host and guest machines in VMware and KVM hypervisors.

WATTSTOPPER_DLM = 263

[DLT_WATTSTOPPER_DLM] Formats for WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol common packet structure captures.

ZBOSS_NCP = 292

[DLT_ZBOSS_NCP] Serial NCP (Network Co-Processor) protocol for Zigbee stack ZBOSS by DSR. ZBOSS NCP protocol, beginning with a header.

ZWAVE_R1_R2 = 261

[DLT_ZWAVE_R1_R2] Z-Wave RF profile R1 and R2 packets, as specified by ITU-T Recommendation G.9959, with some MAC layer fields moved.

ZWAVE_R3 = 262

[DLT_ZWAVE_R3] Z-Wave RF profile R3 packets, as specified by ITU-T Recommendation G.9959, with some MAC layer fields moved.

Z_WAVE_SERIAL = 287

[DLT_Z_WAVE_SERIAL] Serial frames transmitted between a host and a Z-Wave chip over an RS-232 or USB serial connection, as described in section 5 of the Z-Wave Serial API Host Application Programming Guide.

ETHER TYPES †

class pcapkit.const.reg.ethertype.EtherType(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: aenum.IntEnum

[EtherType] Ethertype IEEE 802 Numbers

classmethod _missing_(value)

Lookup function used when value is not found.

Parameters

value (int) –

Return type

pcapkit.const.reg.ethertype.EtherType

static get(key, default=- 1)

Backport support for original codes.

Parameters

• key (int | str) –

• default (int) –

Return type

EtherType

ARAI_Bunkichi = 33188

ARAI Bunkichi [Neil Sembower]

ATOMIC = 34527

ATOMIC [Joe Touch]

AT_T_0x8008 = 32776

AT&T [Neil Sembower]

AT_T_0x8046 = 32838

AT&T [Neil Sembower]

AT_T_0x8047 = 32839

AT&T [Neil Sembower]

AT_T_0x8069 = 32873

AT&T [Neil Sembower]

Address_Resolution_Protocol = 2054

Address Resolution Protocol (ARP) [RFC 7042]

Aeonic_Systems = 32822

Aeonic Systems [Neil Sembower]

Alpha_Micro = 33098

Alpha Micro [Neil Sembower]

Apollo_Computer = 33015

Apollo Computer [Neil Sembower]

Apollo_Domain = 32793

Apollo Domain [Neil Sembower]

AppleTalk_AARP = 33011

AppleTalk AARP (Kinetics) [Neil Sembower]

Appletalk = 32923

Appletalk [Neil Sembower]

Applitek_Corporation = 32967

Applitek Corporation [Neil Sembower]

Autophon = 32874

Autophon [Neil Sembower]

BBN_Simnet = 21000

BBN Simnet [Neil Sembower]

BBN_VITAL_LanBridge_cache = 65280

BBN VITAL-LanBridge cache [Neil Sembower]

BIIN_0x814D = 33101

BIIN [Neil Sembower]

BIIN_0x814E = 33102

BIIN [Neil Sembower]

Banyan_Systems_0x80C4 = 32964

Banyan Systems [Neil Sembower]

Banyan_Systems_0x80C5 = 32965

Banyan Systems [Neil Sembower]

Banyan_VINES = 2989

Banyan VINES [Neil Sembower]

Berkeley_Trailer_nego = 4096

Berkeley Trailer nego [Neil Sembower]

Cabletron = 28724

Cabletron [Neil Sembower]

Chaosnet = 2052

Chaosnet [Neil Sembower]

ComDesign = 32876

ComDesign [Neil Sembower]

Computgraphic_Corp = 32877

Computgraphic Corp. [Neil Sembower]

Counterpoint_Computers = 32866

Counterpoint Computers [Neil Sembower]

Cronus_Direct = 32772

Cronus Direct [RFC 824][Daniel Tappan]

Cronus_VLN = 32771

Cronus VLN [RFC 824][Daniel Tappan]

Customer_VLAN_Tag_Type = 33024

Customer VLAN Tag Type (C-Tag, formerly called the Q-Tag) (initially Wellfleet) [RFC 7042]

DEC_Customer_Protocol = 24582

DEC Customer Protocol [Neil Sembower]

DEC_DECNET_Phase_IV_Route = 24579

DEC DECNET Phase IV Route [Neil Sembower]

DEC_Diagnostic_Protocol = 24581

DEC Diagnostic Protocol [Neil Sembower]

DEC_Ethernet_Encryption = 32829

DEC Ethernet Encryption [Neil Sembower]

DEC_LANBridge = 32824

DEC LANBridge [Neil Sembower]

DEC_LAN_Traffic_Monitor = 32831

DEC LAN Traffic Monitor [Neil Sembower]

DEC_LAT = 24580

DEC LAT [Neil Sembower]

DEC_LAVC_SCA = 24583

DEC LAVC, SCA [Neil Sembower]

DEC_MOP_Dump_Load = 24577

DEC MOP Dump/Load [Neil Sembower]

DEC_MOP_Remote_Console = 24578

DEC MOP Remote Console [Neil Sembower]

DEC_Unassigned_0x6000 = 24576

DEC Unassigned (Exp.) [Neil Sembower]

DEC_Unassigned_0x803E = 32830

DEC Unassigned [Neil Sembower]

DLOG_0x0660 = 1632

DLOG [Neil Sembower]

DLOG_0x0661 = 1633

DLOG [Neil Sembower]

Dansk_Data_Elektronik = 32891

Dansk Data Elektronik [Neil Sembower]

Delta_Controls = 34526

Delta Controls [Neil Sembower]

ECMA_Internet = 2051

ECMA Internet [Neil Sembower]

EtherType_3Com_TCP_IP_Sys = 36866

3Com(Bridge) TCP-IP Sys [Neil Sembower]

EtherType_3Com_XNS_Sys_Mgmt = 36865

3Com(Bridge) XNS Sys Mgmt [Neil Sembower]

EtherType_3Com_loop_detect = 36867

3Com(Bridge) loop detect [Neil Sembower]

Ethernet_NIC_hardware_and_software_testing = 34850

Ethernet NIC hardware and software testing [Wind River]

Evans_Sutherland = 32861

Evans & Sutherland [Neil Sembower]

Excelan = 32784

Excelan [Neil Sembower]

ExperData = 32841

ExperData [Neil Sembower]

Frame_Relay_ARP = 2056

Frame Relay ARP [RFC 1701]

General_Dynamics = 32872

General Dynamics [Neil Sembower]

General_Switch_Management_Protocol = 34828

General Switch Management Protocol (GSMP) [RFC 7042]

GeoNetworking_as_defined_in_ETSI_EN_302_636_4_1 = 35143

GeoNetworking as defined in ETSI EN 302 636-4-1 [IEEE]

HIPPI_FP_encapsulation = 33152

HIPPI-FP encapsulation [Neil Sembower]

HP_Probe = 32773

HP Probe [Neil Sembower]

Hayes_Microcomputers = 33072

Hayes Microcomputers [Neil Sembower]

IBM_SNA_Service_on_Ether = 32981

IBM SNA Service on Ether [Neil Sembower]

IEEE_Std_802_11_Fast_Roaming_Remote_Request = 35085

IEEE Std 802.11 - Fast Roaming Remote Request (802.11r) [IEEE]

IEEE_Std_802_11_Pre_Authentication = 35015

IEEE Std 802.11 - Pre-Authentication (802.11i) [IEEE]

IEEE_Std_802_1AB_Link_Layer_Discovery_Protocol = 35020

IEEE Std 802.1AB - Link Layer Discovery Protocol (LLDP) [IEEE]

IEEE_Std_802_1AE_Media_Access_Control_Security = 35045

IEEE Std 802.1AE - Media Access Control Security [IEEE]

IEEE_Std_802_1Q_Multiple_Multicast_Registration_Protocol = 35062

IEEE Std 802.1Q - Multiple Multicast Registration Protocol (MMRP) [IEEE]

IEEE_Std_802_1Q_Multiple_VLAN_Registration_Protocol = 35061

IEEE Std 802.1Q - Multiple VLAN Registration Protocol (MVRP) [IEEE]

IEEE_Std_802_1Q_Service_VLAN_tag_identifier = 34984

IEEE Std 802.1Q - Service VLAN tag identifier (S-Tag) [IEEE]

IEEE_Std_802_1Qbe_Multiple_I_SID_Registration_Protocol = 35113

IEEE Std 802.1Qbe - Multiple I-SID Registration Protocol [IEEE]

IEEE_Std_802_1Qbg_ECP_Protocol = 35136

IEEE Std 802.1Qbg - ECP Protocol (also used in 802.1BR) [IEEE]

IEEE_Std_802_1X_Port_based_network_access_control = 34958

IEEE Std 802.1X - Port-based network access control [IEEE]

IEEE_Std_802_21_Media_Independent_Handover_Protocol = 35095

IEEE Std 802.21 - Media Independent Handover Protocol [IEEE]

IEEE_Std_802_3_Ethernet_Passive_Optical_Network = 34824

IEEE Std 802.3 - Ethernet Passive Optical Network (EPON) [EPON][RFC 7042]

IEEE_Std_802_Local_Experimental_Ethertype_0x88B5 = 34997

IEEE Std 802 - Local Experimental Ethertype [IEEE]

IEEE_Std_802_Local_Experimental_Ethertype_0x88B6 = 34998

IEEE Std 802 - Local Experimental Ethertype [IEEE]

IEEE_Std_802_OUI_Extended_Ethertype = 34999

IEEE Std 802 - OUI Extended Ethertype [IEEE]

IP_Autonomous_Systems = 34668

IP Autonomous Systems [RFC 1701]

Internet_Protocol_version_4 = 2048

Internet Protocol version 4 (IPv4) [RFC 7042]

Internet_Protocol_version_6 = 34525

Internet Protocol version 6 (IPv6) [RFC 7042]

L2_IS_IS = 8948

L2-IS-IS [RFC 6325]

Little_Machines = 32864

Little Machines [Neil Sembower]

LoWPAN_encapsulation = 41197

LoWPAN encapsulation [RFC 7973]

Logicraft = 33096

Logicraft [Neil Sembower]

Loopback = 36864

Loopback [Neil Sembower]

MPLS = 34887

MPLS [RFC 5332]

MPLS_with_upstream_assigned_label = 34888

MPLS with upstream-assigned label [RFC 5332]

Matra = 32890

Matra [Neil Sembower]

Merit_Internodal = 32892

Merit Internodal [Hans Werner Braun]

Motorola_Computer = 33165

Motorola Computer [Neil Sembower]

Multi_Topology = 39458

Multi-Topology [RFC 8377]

Multicast_Channel_Allocation_Protocol = 34913

Multicast Channel Allocation Protocol (MCAP) [RFC 7042]

NBS_Internet = 2050

NBS Internet [Neil Sembower]

NSH = 35151

NSH (Network Service Header) [RFC 8300]

Nestar = 32774

Nestar [Neil Sembower]

Network_Computing_Devices = 33097

Network Computing Devices [Neil Sembower]

Nixdorf = 1024

Nixdorf [Neil Sembower]

Nixdorf_Computers = 32931

Nixdorf Computers [Neil Sembower]

PCS_Basic_Block_Protocol = 16962

PCS Basic Block Protocol [Neil Sembower]

PPP_over_Ethernet_Discovery_Stage = 34915

PPP over Ethernet (PPPoE) Discovery Stage [RFC 2516]

PPP_over_Ethernet_Session_Stage = 34916

PPP over Ethernet (PPPoE) Session Stage [RFC 2516][RFC 8822]

PUP_Addr_Trans_0x0201 = 513

PUP Addr Trans (see 0A01) [Neil Sembower]

PUP_Addr_Trans_0x0A01 = 2561

PUP Addr Trans [Neil Sembower]

Pacer_Software = 32966

Pacer Software [Neil Sembower]

Planning_Research_Corp = 32836

Planning Research Corp. [Neil Sembower]

Point_to_Point_Protocol = 34827

Point-to-Point Protocol (PPP) [RFC 7042]

Proteon = 28720

Proteon [Neil Sembower]

Provider_Backbone_Bridging_Instance_tag = 35047

Provider Backbone Bridging Instance tag [IEEE Std 802.1Q-2014]

Rational_Corp = 33104

Rational Corp [Neil Sembower]

Raw_Frame_Relay = 25945

Raw Frame Relay [RFC 1701]

Reserved = 65535

Reserved [RFC 1701]

Reserved_for_HIPPI_6400_0x8182 = 33154

Reserved for HIPPI-6400 [Neil Sembower]

Reserved_for_HIPPI_6400_0x8183 = 33155

Reserved for HIPPI-6400 [Neil Sembower]

Retix = 33010

Retix [Neil Sembower]

Reverse_Address_Resolution_Protocol = 32821

Reverse Address Resolution Protocol (RARP) [RFC 903][Joseph Murdock]

SECTRA = 34523

SECTRA [Neil Sembower]

SGI_Time_Warner_prop = 33150

SGI/Time Warner prop. [Neil Sembower]

SGI_bounce_server = 32790

SGI bounce server [Andrew Cherenson]

SGI_diagnostics = 32787

SGI diagnostics [Andrew Cherenson]

SGI_network_games = 32788

SGI network games [Andrew Cherenson]

SGI_reserved = 32789

SGI reserved [Andrew Cherenson]

SNMP = 33100

SNMP [Joyce K Reynolds]

STP_HIPPI_ST = 33153

STP, HIPPI-ST [Neil Sembower]

Secure_Data = 34669

Secure Data [RFC 1701]

Slow_Protocols = 34825

Slow Protocols (Link Aggregation, OAM, etc.) [IEEE]

Spider_Systems_Ltd = 32927

Spider Systems Ltd. [Neil Sembower]

Stanford_V_Kernel_exp = 32859

Stanford V Kernel exp. [Neil Sembower]

Stanford_V_Kernel_prod = 32860

Stanford V Kernel prod. [Neil Sembower]

Symbolics_Private = 2076

Symbolics Private [David Plummer]

TCP_IP_Compression = 34667

TCP/IP Compression [RFC 1144][RFC 1701]

TRILL = 8947

TRILL [RFC 6325]

TRILL_Fine_Grained_Labeling = 35131

TRILL Fine Grained Labeling (FGL) [RFC 7172]

TRILL_RBridge_Channel = 35142

TRILL RBridge Channel [RFC 7178]

Technically_Elite_Concept = 33103

Technically Elite Concept [Neil Sembower]

The_Ethertype_will_be_used_to_identify_a_Channel_in_which_control_messages_are_encapsulated_as_payload_of_GRE_packets_When_a_GRE_packet_tagged_with_the_Ethertype_is_received_the_payload_will_be_handed_to_the_network_processor_for_processing = 47082

The Ethertype will be used to identify a “Channel” in which control messages are encapsulated as payload of GRE packets. When a GRE packet tagged with the Ethertype is received, the payload will be handed to the network processor for processing. [RFC 8157]

Tigan_Inc = 32815

Tigan, Inc. [Neil Sembower]

Trans_Ether_Bridging = 25944

Trans Ether Bridging [RFC 1701]

Tymshare = 32814

Tymshare [Neil Sembower]

Ungermann_Bass_dia_loop = 28674

Ungermann-Bass dia/loop [Neil Sembower]

Ungermann_Bass_download = 28672

Ungermann-Bass download [Neil Sembower]

Ungermann_Bass_net_debugr = 2304

Ungermann-Bass net debugr [Neil Sembower]

Univ_of_Mass_Amherst_0x8065 = 32869

Univ. of Mass. @ Amherst [Neil Sembower]

Univ_of_Mass_Amherst_0x8066 = 32870

Univ. of Mass. @ Amherst [Neil Sembower]

VG_Laboratory_Systems = 33073

VG Laboratory Systems [Neil Sembower]

VINES_Echo = 2991

VINES Echo [RFC 1701]

VINES_Loopback = 2990

VINES Loopback [RFC 1701]

Valid_Systems = 5632

Valid Systems [Neil Sembower]

Varian_Associates = 32989

Varian Associates [Neil Sembower]

Veeco_Integrated_Auto = 32871

Veeco Integrated Auto. [Neil Sembower]

Vitalink_TransLAN_III = 32896

Vitalink TransLAN III [Neil Sembower]

Wellfleet_Communications = 33023

Wellfleet Communications [Neil Sembower]

XEROX_NS_IDP = 1536

Data Link Layer and Physical Layer Specification”, AA-K759B-TK, Digital Equipment Corporation, Maynard, MA. Also as: “The Ethernet - A Local Area Network”, Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980. And: “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications”, Digital, Intel and Xerox, November 1982. And: XEROX, “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][Neil Sembower]

Type

XEROX NS IDP [“The Ethernet, A Local Area Network

XEROX_PUP = 512

XEROX PUP (see 0A00) [Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, “PUP: An Internetwork Architecture”, XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][Neil Sembower]

XNS_Compatability = 2055

XNS Compatability [Neil Sembower]

XTP = 33149

XTP [Neil Sembower]

X_25_Level_3 = 2053

X.25 Level 3 [Neil Sembower]

X_75_Internet = 2049

X.75 Internet [Neil Sembower]

Xerox_IEEE802_3_PUP = 2560

Xerox IEEE802.3 PUP [Neil Sembower]

Assigned Internet Protocol Numbers ‡

class pcapkit.const.reg.transtype.TransType(value=<no_arg>, names=None, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: aenum.IntEnum

[TransType] Transport Layer Protocol Numbers

classmethod _missing_(value)

Lookup function used when value is not found.

Parameters

value (int) –

Return type

pcapkit.const.reg.transtype.TransType

static get(key, default=- 1)

Backport support for original codes.

Parameters

• key (int | str) –

• default (int) –

Return type

TransType

AH = 51

Authentication Header [RFC 4302]

ARGUS = 13

ARGUS (deprecated)) [Robert W Scheifler]

ARIS = 104

ARIS [Nancy Feldman]

AX_25 = 93

AX.25 Frames [Brian Kantor]

A_N = 107

Active Networks [Bob Braden]

BBN_RCC_MON = 10

BBN RCC Monitoring [Steve Chipman]

BNA = 49

BNA [Gary Salamon]

BR_SAT_MON = 76

Backroom SATNET Monitoring [Steven Blumenthal]

CBT = 7

CBT [Tony Ballardie]

CFTP = 62

CFTP [Forsdick, H., “CFTP”, Network Message, Bolt Beranek and Newman, January 1982.][Harry Forsdick]

CHAOS = 16

Chaos [J Noel Chiappa]

CPHB = 73

Computer Protocol Heart Beat [David Mittnacht]

CPNX = 72

Computer Protocol Network Executive [David Mittnacht]

CRTP = 126

Combat Radio Transport Protocol [Robert Sautter]

CRUDP = 127

Combat Radio User Datagram [Robert Sautter]

Compaq_Peer = 110

Compaq Peer Protocol [Victor Volpe]

DCCP = 33

Datagram Congestion Control Protocol [RFC 4340]

DCN_MEAS = 19

DCN Measurement Subsystems [David Mills]

DDP = 37

Datagram Delivery Protocol [Wesley Craig]

DDX = 116

D-II Data Exchange (DDX) [John Worley]

DGP = 86

Dissimilar Gateway Protocol [M/A-COM Government Systems, “Dissimilar Gateway Protocol Specification, Draft Version”, Contract no. CS901145, November 16, 1987.][Mike Little]

DSR = 48

Dynamic Source Routing Protocol [RFC 4728]

EGP = 8

Exterior Gateway Protocol [RFC 888][David Mills]

EIGRP = 88

EIGRP [RFC 7868]

EMCON = 14

EMCON [<mystery contact>]

ENCAP = 98

Encapsulation Header [RFC 1241][Robert Woodburn]

ESP = 50

Encap Security Payload [RFC 4303]

ETHERIP = 97

Ethernet-within-IP Encapsulation [RFC 3378]

Ethernet = 143

Ethernet [RFC 8986]

FC = 133

Fibre Channel [Murali Rajagopal][RFC 6172]

FIRE = 125

[Criag Partridge]

GGP = 3

Gateway-to-Gateway [RFC 823]

GMTP = 100

GMTP [RXB5]

GRE = 47

Generic Routing Encapsulation [RFC 2784][Tony Li]

HIP = 139

Host Identity Protocol [RFC 7401]

HMP = 20

Host Monitoring [RFC 869][Bob Hinden]

HOPOPT = 0

IPv6 Hop-by-Hop Option [RFC 8200]

IATP = 117

Interactive Agent Transfer Protocol [John Murphy]

ICMP = 1

Internet Control Message [RFC 792]

IDPR = 35

Inter-Domain Policy Routing Protocol [Martha Steenstrup]

IDPR_CMTP = 38

IDPR Control Message Transport Proto [Martha Steenstrup]

IDRP = 45

Inter-Domain Routing Protocol [Sue Hares]

IFMP = 101

Ipsilon Flow Management Protocol [Bob Hinden][November 1995, 1997.]

IGMP = 2

Internet Group Management [RFC 1112]

IGP = 9

any private interior gateway (used by Cisco for their IGRP) [Internet Assigned Numbers Authority]

IL = 40

IL Transport Protocol [Dave Presotto]

IPCV = 71

Internet Packet Core Utility [Steven Blumenthal]

IPComp = 108

IP Payload Compression Protocol [RFC 2393]

IPIP = 94

IP-within-IP Encapsulation Protocol [John Ioannidis]

IPLT = 129

[Hollbach]

IPPC = 67

Internet Pluribus Packet Core [Steven Blumenthal]

IPTM = 84

Internet Protocol Traffic Manager [Jim Stevens]

IPX_in_IP = 111

IPX in IP [CJ Lee]

IPv4 = 4

IPv4 encapsulation [RFC 2003]

IPv6 = 41

IPv6 encapsulation [RFC 2473]

IPv6_Frag = 44

Fragment Header for IPv6 [Steve Deering]

IPv6_ICMP = 58

ICMP for IPv6 [RFC 8200]

IPv6_NoNxt = 59

No Next Header for IPv6 [RFC 8200]

IPv6_Opts = 60

Destination Options for IPv6 [RFC 8200]

IPv6_Route = 43

Routing Header for IPv6 [Steve Deering]

IRTP = 28

Internet Reliable Transaction [RFC 938][Trudy Miller]

ISIS_over_IPv4 = 124

[Tony Przygienda]

ISO_IP = 80

ISO Internet Protocol [Marshall T Rose]

ISO_TP4 = 29

ISO Transport Protocol Class 4 [RFC 905][<mystery contact>]

I_NLSP = 52

Integrated Net Layer Security TUBA [K Robert Glenn]

KRYPTOLAN = 65

Kryptolan [Paul Liu]

L2TP = 115

Layer Two Tunneling Protocol [RFC 3931][Bernard Aboba]

LARP = 91

Locus Address Resolution Protocol [Brian Horn]

LEAF_1 = 25

Leaf-1 [Barry Boehm]

LEAF_2 = 26

Leaf-2 [Barry Boehm]

MERIT_INP = 32

MERIT Internodal Protocol [Hans Werner Braun]

MFE_NSP = 31

MFE Network Services Protocol [Shuttleworth, B., “A Documentary of MFENet, a National Computer Network”, UCRL-52317, Lawrence Livermore Labs, Livermore, California, June 1977.][Barry Howard]

MICP = 95

Mobile Internetworking Control Pro. (deprecated)) [John Ioannidis]

MOBILE = 55

IP Mobility [Charlie Perkins]

MPLS_in_IP = 137

[RFC 4023]

MTP = 92

Multicast Transport Protocol [Susie Armstrong]

MUX = 18

Multiplexing [Cohen, D. and J. Postel, “Multiplexing Protocol”, IEN 90, USC/Information Sciences Institute, May 1979.][Jon Postel]

Mobility_Header = 135

[RFC 6275]

NARP = 54

NBMA Address Resolution Protocol [RFC 1735]

NETBLT = 30

Bulk Data Transfer Protocol [RFC 969][David Clark]

NSFNET_IGP = 85

NSFNET-IGP [Hans Werner Braun]

NVP_II = 11

Network Voice Protocol [RFC 741][Steve Casner]

OSPFIGP = 89

OSPFIGP [RFC 1583][RFC 2328][RFC 5340][John Moy]

PGM = 113

PGM Reliable Transport Protocol [Tony Speakman]

PIM = 103

Protocol Independent Multicast [RFC 7761][Dino Farinacci]

PIPE = 131

Private IP Encapsulation within IP [Bernhard Petri]

PNNI = 102

PNNI over IP [Ross Callon]

PRM = 21

Packet Radio Measurement [Zaw Sing Su]

PTP = 123

Performance Transparency Protocol [Michael Welzl]

PUP = 12

An Internetwork Architecture”, XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][XEROX]

Type

PUP [Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, “PUP

PVP = 75

Packet Video Protocol [Steve Casner]

QNX = 106

QNX [Michael Hunter]

RDP = 27

Reliable Data Protocol [RFC 908][Bob Hinden]

ROHC = 142

Robust Header Compression [RFC 5858]

RSVP = 46

Reservation Protocol [RFC 2205][RFC 3209][Bob Braden]

RSVP_E2E_IGNORE = 134

[RFC 3175]

RVD = 66

MIT Remote Virtual Disk Protocol [Michael Greenwald]

Reserved_255 = 255

[Internet Assigned Numbers Authority]

SAT_EXPAK = 64

SATNET and Backroom EXPAK [Steven Blumenthal]

SAT_MON = 69

SATNET Monitoring [Steven Blumenthal]

SCC_SP = 96

Semaphore Communications Sec. Pro. [Howard Hart]

SCPS = 105

SCPS [Robert Durst]

SCTP = 132

Stream Control Transmission Protocol [Randall R Stewart]

SDRP = 42

Source Demand Routing Protocol [Deborah Estrin]

SECURE_VMTP = 82

SECURE-VMTP [Dave Cheriton]

SKIP = 57

SKIP [Tom Markson]

SM = 122

Simple Multicast Protocol (deprecated)) [Jon Crowcroft][draft-perlman- simple-multicast]

SMP = 121

Simple Message Protocol [Leif Ekblad]

SNP = 109

Sitara Networks Protocol [Manickam R Sridhar]

SPS = 130

Secure Packet Shield [Bill McIntosh]

SRP = 119

SpectraLink Radio Protocol [Mark Hamilton]

SSCOPMCE = 128

[Kurt Waber]

ST = 5

Stream [RFC 1190][RFC 1819]

STP = 118

Schedule Transfer Protocol [Jean Michel Pittet]

SUN_ND = 77

SUN ND PROTOCOL-Temporary [William Melohn]

SWIPE = 53

IP with Encryption (deprecated)) [John Ioannidis]

Shim6 = 140

Shim6 Protocol [RFC 5533]

Sprite_RPC = 90

Sprite RPC Protocol [Welch, B., “The Sprite Remote Procedure Call System”, Technical Report, UCB/Computer Science Dept., 86/302, University of California at Berkeley, June 1986.][Bruce Willins]

TCF = 87

TCF [Guillermo A Loyola]

TCP = 6

Transmission Control [RFC-ietf-tcpm-rfc793bis-28]

TLSP = 56

Transport Layer Security Protocol using Kryptonet key management [Christer Oberg]

TP = 39

TP++ Transport Protocol [Dirk Fromhein]

TRUNK_1 = 23

Trunk-1 [Barry Boehm]

TRUNK_2 = 24

Trunk-2 [Barry Boehm]

TTP = 84

Transaction Transport Protocol [Jim Stevens]

TransType_3PC = 34

Third Party Connect Protocol [Stuart A Friedberg]

UDP = 17

User Datagram [RFC 768][Jon Postel]

UDPLite = 136

[RFC 3828]

UTI = 120

UTI [Peter Lothberg]

Use_for_experimentation_and_testing_253 = 253

Use for experimentation and testing [RFC 3692]

Use_for_experimentation_and_testing_254 = 254

Use for experimentation and testing [RFC 3692]

VINES = 83

VINES [Brian Horn]

VISA = 70

VISA Protocol [Gene Tsudik]

VMTP = 81

VMTP [Dave Cheriton]

VRRP = 112

Virtual Router Redundancy Protocol [RFC 5798]

WB_EXPAK = 79

WIDEBAND EXPAK [Steven Blumenthal]

WB_MON = 78

WIDEBAND Monitoring [Steven Blumenthal]

WESP = 141

Wrapped Encapsulating Security Payload [RFC 5840]

WSN = 74

Wang Span Network [Victor Dafoulas]

XNET = 15

Cross Net Debugger [Haverty, J., “XNET Formats for Internet Protocol Version 4”, IEN 158, October 1980.][Jack Haverty]

XNS_IDP = 22

Data Link Layer and Physical Layer Specification”, AA-K759B-TK, Digital Equipment Corporation, Maynard, MA. Also as: “The Ethernet - A Local Area Network”, Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980. And: “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications”, Digital, Intel and Xerox, November 1982. And: XEROX, “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][XEROX]

Type

XEROX NS IDP [“The Ethernet, A Local Area Network

XTP = 36

XTP [Greg Chesson]

any_0_hop_protocol = 114

any 0-hop protocol [Internet Assigned Numbers Authority]

any_distributed_file_system = 68

any distributed file system [Internet Assigned Numbers Authority]

any_host_internal_protocol = 61

any host internal protocol [Internet Assigned Numbers Authority]

any_local_network = 63

any local network [Internet Assigned Numbers Authority]

any_private_encryption_scheme = 99

any private encryption scheme [Internet Assigned Numbers Authority]

manet = 138

MANET Protocols [RFC 5498]

---

*

http://www.tcpdump.org/linktypes.html

†

https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml#ieee-802-numbers-1

‡

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1

TCP Constant Enumerations

TCP Checksum *

TCP Option Kind Numbers †

---

*

https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-2

†

https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-1

VLAN Constant Enumerations

Priority Levels *

---

*

https://en.wikipedia.org/wiki/IEEE_P802.1p#Priority_levels

Web Crawlers for Constant Enumerations

ARP Vendor Crawlers

ARP Hardware Types *

Operation Codes †

---

*

https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-2

†

https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-1

FTP Vendor Crawlers

FTP Commands *

FTP Return Codes †

---

*

https://www.iana.org/assignments/ftp-commands-extensions/ftp-commands-extensions.xhtml#ftp-commands-extensions-2

†

https://en.wikipedia.org/wiki/List_of_FTP_server_return_codes

HIP Vendor Crawler

HIP Certificate Types *

HIP Cipher IDs †

DI-Types ‡

ECDSA Curve Label §

ECDSA_LOW Curve Label ¶

ESP Transform Suite IDs #

Group IDs ♠

HI Algorithm ♥

HIT Suite ID ♦

HIP NAT Traversal Modes ♣

Notify Message Types **

Packet Types ††

Parameter Types ‡‡

Registration Types §§

Registration Failure Types ¶¶

Suite IDs ##

HIP Transport Modes ♠♠

---

*

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#certificate-types

†

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-cipher-id

‡

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-7

§

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#ecdsa-curve-label

¶

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#ecdsa-low-curve-label

#

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#esp-transform-suite-ids

♠

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-5

♥

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hi-algorithm

♦

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hit-suite-id

♣

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#nat-traversal

**

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-9

††

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-1

‡‡

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-4

§§

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-11

¶¶

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-13

##

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#hip-parameters-6

♠♠

https://www.iana.org/assignments/hip-parameters/hip-parameters.xhtml#transport-modes

HTTP Vendor Crawler

HTTP/2 Error Code *

HTTP/2 Frame Type †

HTTP/2 Settings ‡

---

*

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#error-code

†

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#frame-type

‡

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings

IPv4 Vendor Crawler

Classification Level Encodings

Option Classes

IP Option Numbers *

Protection Authority Bit Assignments

QS Functions

IPv4 Router Alert Option Values †

ToS (DS Field) Delay

ToS ECN Field

ToS (DS Field) Precedence

ToS (DS Field) Reliability

ToS (DS Field) Throughput

---

*

https://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ip-parameters-1

†

https://www.iana.org/assignments/ip-parameters/ip-parameters.xhtml#ipv4-router-alert-option-values

IPv6 Vendor Crawler

IPv6 Extension Header Types *

Destination Options and Hop-by-Hop Options †

IPv6 QS Functions

IPv6 Router Alert Option Values ‡

Routing Types §

Seed-ID Types

TaggerId Types ¶

---

*

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#extension-header

†

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2

‡

https://www.iana.org/assignments/ipv6-routeralert-values/ipv6-routeralert-values.xhtml#ipv6-routeralert-values-1

§

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-3

¶

https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#taggerId-types

IPX Vendor Crawler

IPX Packet Types *

IPX Socket Types †

---

*

https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange#IPX_packet_structure

†

https://en.wikipedia.org/wiki/Internetwork_Packet_Exchange#Socket_number

MH Vendor Crawler

Mobility Header Types *

---

*

https://www.iana.org/assignments/mobility-parameters/mobility-parameters.xhtml#mobility-parameters-1

OSPF Vendor Crawler

Authentication Codes *

OSPF Packet Type †

---

*

https://www.iana.org/assignments/ospf-authentication-codes/ospf-authentication-codes.xhtml#authentication-codes

†

https://www.iana.org/assignments/ospfv2-parameters/ospfv2-parameters.xhtml#ospfv2-parameters-3

Protocol Type Registry Vendor Crawlers

LINK-LAYER HEADER TYPES *

ETHER TYPES †

Assigned Internet Protocol Numbers ‡

---

*

http://www.tcpdump.org/linktypes.html

†

https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml#ieee-802-numbers-1

‡

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1

TCP Vendor Crawler

TCP Checksum *

TCP Option Kind Numbers †

---

*

https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-2

†

https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml#tcp-parameters-1

VLAN Vendor Crawler

Priority Levels *

---

*

https://en.wikipedia.org/wiki/IEEE_P802.1p#Priority_levels

Base Generator

Command Line Tool

usage: pcapkit-vendor [-h] [-V] ...

update constant enumerations

positional arguments:
  target         update targets, supply none to update all

optional arguments:
  -h, --help     show this help message and exit
  -V, --version  show program's version number and exit

In pcapkit, all files can be described as following eight different components.

• Interface (pcapkit.interface)

  user interface for the pcapkit library, which standardise and simplify the usage of this library

• Foundation (pcapkit.foundation)

  synthesise file I/O and protocol analysis, coordinate information exchange in all network layers

• Reassembly (pcapkit.reassembly)

  base on algorithms described in RFC 815, implement datagram reassembly of IP and TCP packets

• Protocols (pcapkit.protocols)

  collection of all protocol family, with detailed implementation and methods

• Utilities (pcapkit.utilities)

  collection of utility functions and classes

• CoreKit (pcapkit.corekit)

  core utilities for pcapkit implementation

• ToolKit (pcapkit.toolkit)

  utility tools for pcapkit implementation

• DumpKit (pcapkit.dumpkit)

  dump utilities for pcapkit implementation

Library Index

pcapkit has defined various and numerous functions and classes, which have different features and purposes. To make a simple index for this library, pcapkit.all contains all things from pcapkit.

Command Line Interface

pcapkit.__main__ was originally the module file of jspcapy, which is now deprecated and merged with pcapkit.

usage: pcapkit-cli [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a]
                   [-v] [-F] [-E PKG] [-P PROTOCOL] [-L LAYER]
                   input-file-name

PCAP file extractor and formatted dumper

positional arguments:
  input-file-name       The name of input pcap file. If ".pcap" omits, it will
                        be automatically appended.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -o file-name, --output file-name
                        The name of input pcap file. If format extension
                        omits, it will be automatically appended.
  -f format, --format format
                        Print a extraction report in the specified output
                        format. Available are all formats supported by
                        dictdumper, e.g.: json, plist, and tree.
  -j, --json            Display extraction report as json. This will yield
                        "raw" output that may be used by external tools. This
                        option overrides all other options.
  -p, --plist           Display extraction report as macOS Property List
                        (plist). This will yield "raw" output that may be used
                        by external tools. This option overrides all other
                        options.
  -t, --tree            Display extraction report as tree view text. This will
                        yield "raw" output that may be used by external tools.
                        This option overrides all other options.
  -a, --auto-extension  If output file extension omits, append automatically.
  -v, --verbose         Show more information.
  -F, --files           Split each frame into different files.
  -E PKG, --engine PKG  Indicate extraction engine. Note that except default
                        or pcapkit engine, all other engines need support of
                        corresponding packages.
  -P PROTOCOL, --protocol PROTOCOL
                        Indicate extraction stops after which protocol.
  -L LAYER, --layer LAYER
                        Indicate extract frames until which layer.

About

PyPCAPKit is an independent open source library, using only DictDumper as its formatted output dumper.

Note

There is a project called jspcapy works on pcapkit, which is a command line tool for PCAP extraction but now *DEPRECATED*.

Unlike popular PCAP file extractors, such as Scapy, dpkt, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.

Module Structure

In pcapkit, all files can be described as following eight parts.

• Interface (pcapkit.interface)

  User interface for the pcapkit library, which standardise and simplify the usage of this library.

• Foundation (pcapkit.foundation)

  Synthesise file I/O and protocol analysis, coordinate information exchange in all network layers.

• Reassembly (pcapkit.reassembly)

  Based on algorithms described in RFC 815, implement datagram reassembly of IP and TCP packets.

• Protocols (pcapkit.protocols)

  Collection of all protocol family, with detail implementation and methods, as well as constructors.

• CoreKit (pcapkit.corekit)

  Core utilities for pcapkit implementation.

• TookKit (pcapkit.toolkit)

  Compatibility tools for pcapkit implementation.

• DumpKit (pcapkit.dumpkit

  Dump utilities for pcapkit implementation.

• Utilities (pcapkit.utilities)

  Collection of four utility functions and classes.

Engine Comparison

Besides, due to complexity of pcapkit, its extraction procedure takes around 0.0009 seconds per packet, which is not ideal enough. Thus pcapkit introduced alternative extractionengines to accelerate this procedure. By now pcapkit supports Scapy, DPKT, and PyShark. Plus, pcapkit supports two strategies of multiprocessing (server & pipeline). For more information, please refer to the documentation.

Test Environment

Operating System	macOS Mojave
Processor Name	Intel Core i7
Processor Speed	2.6 GHz
Total Number of Cores	6
Memory	16 GB

Test Results

Engine	Performance (seconds per packet)
dpkt	0.00017389218012491862
scapy	0.00036091208457946774
default	0.0009537641207377116
pipeline	0.0009694552421569824
server	0.018088217973709107
pyshark	0.04200994372367859

Installation

Note

pcapkit supports Python versions since 3.4.

Simply run the following to install the current version from PyPI:

pip install pypcapkit

Or install the latest version from the gi repository:

git clone https://github.com/JarryShaw/PyPCAPKit.git
cd pypcapkit
pip install -e .
# and to update at any time
git pull

And since pcapkit supports various extraction engines, and extensive plug-in functions, you may want to install the optional ones:

# for DPKT only
pip install pypcapkit[DPKT]
# for Scapy only
pip install pypcapkit[Scapy]
# for PyShark only
pip install pypcapkit[PyShark]
# and to install all the optional packages
pip install pypcapkit[all]
# or to do this explicitly
pip install pypcapkit dpkt scapy pyshark

Samples

Usage Samples

As described above, :mo:d`pcapkit` is quite easy to use, with simply three verbs as its main interface. Several scenarios are shown as below.

1. extract a PCAP file and dump the result to a specific file (with no reassembly)

   import pcapkit
   # dump to a PLIST file with no frame storage (property frame disabled)
   plist = pcapkit.extract(fin='in.pcap', fout='out.plist', format='plist', store=False)
   # dump to a JSON file with no extension auto-complete
   json = pcapkit.extract(fin='in.cap', fout='out.json', format='json', extension=False)
   # dump to a folder with each tree-view text file per frame
   tree = pcapkit.extract(fin='in.pcap', fout='out', format='tree', files=True)
   

2. extract a PCAP file and fetch IP packet (both IPv4 and IPv6) from a frame (with no output file)

   >>> import pcapkit
   >>> extraction = pcapkit.extract(fin='in.pcap', nofile=True)
   >>> frame0 = extraction.frame[0]
   # check if IP in this frame, otherwise ProtocolNotFound will be raised
   >>> flag = pcapkit.IP in frame0
   >>> tcp = frame0[pcapkit.IP] if flag else None
   

3. extract a PCAP file and reassemble TCP payload (with no output file nor frame storage)

   import pcapkit
   # set strict to make sure full reassembly
   extraction = pcapkit.extract(fin='in.pcap', store=False, nofile=True, tcp=True, strict=True)
   # print extracted packet if HTTP in reassembled payloads
   for packet in extraction.reassembly.tcp:
       for reassembly in packet.packets:
           if pcapkit.HTTP in reassembly.protochain:
               print(reassembly.info)
   

CLI Samples

The CLI (command line interface) of pcapkit has two different access.

• through console scripts

  Use command name pcapkit [...] directly (as shown in samples).

• through Python module

  python -m pypcapkit [...] works exactly the same as above.

Here are some usage samples:

1. export to a macOS Property List (Xcode has special support for this format)

   $ pcapkit in --format plist --verbose
   🚨Loading file 'in.pcap'
    - Frame   1: Ethernet:IPv6:ICMPv6
    - Frame   2: Ethernet:IPv6:ICMPv6
    - Frame   3: Ethernet:IPv4:TCP
    - Frame   4: Ethernet:IPv4:TCP
    - Frame   5: Ethernet:IPv4:TCP
    - Frame   6: Ethernet:IPv4:UDP
   🍺Report file stored in 'out.plist'
   

2. export to a JSON file (with no format specified)

   $ pcapkit in --output out.json --verbose
   🚨Loading file 'in.pcap'
    - Frame   1: Ethernet:IPv6:ICMPv6
    - Frame   2: Ethernet:IPv6:ICMPv6
    - Frame   3: Ethernet:IPv4:TCP
    - Frame   4: Ethernet:IPv4:TCP
    - Frame   5: Ethernet:IPv4:TCP
    - Frame   6: Ethernet:IPv4:UDP
   🍺Report file stored in 'out.json'
   

3. export to a text tree view file (without extension autocorrect)

   $ pcapkit in --output out --format tree --verbose
   🚨Loading file 'in.pcap'
    - Frame   1: Ethernet:IPv6:ICMPv6
    - Frame   2: Ethernet:IPv6:ICMPv6
    - Frame   3: Ethernet:IPv4:TCP
    - Frame   4: Ethernet:IPv4:TCP
    - Frame   5: Ethernet:IPv4:TCP
    - Frame   6: Ethernet:IPv4:UDP
   🍺Report file stored in 'out'
   

Indices and tables

• Index

• Module Index

• Search Page