Module Documentation

pcapkit is an independent open source library, using only DictDumper as its formatted output dumper.

Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit uses streaming strategy to read input files. That is to read frame by frame, decrease occupation on memory, as well as enhance efficiency in some way.

• User Interface
  • Core User Interface
  • Auxiliary Interface
• Library Foundation
  • Extractor for PCAP Files
  • Trace TCP Flows
  • Fragmented Packets Reassembly
  • Registry Management
• Protocol Family
  • Root Protocol
  • Auxiliary Protocols
  • Link Layer Protocols
  • Internet Layer Protocols
  • Transport Layer Protocols
  • Application Layer Protocols
  • Protocol Registry
• Core Utilities
  • Info Class
  • Multi-Mapping Dictionary
  • Protocol Chain
  • Version Info
• Compatibility Tools
  • PyPCAPKit Tools
  • DPKT Tools
  • PyShark Tools
  • Scapy Tools
• Dump Utilities
  • Null Dumper
  • PCAP Dumper
• Utility Functions & Classes
  • Logging System
  • Decorator Functions
  • User Defined Exceptions
  • User Defined Warnings
  • Version Compatibility
• Constant Enumerations
  • Protocol Numbers
  • Link Layer
  • Internet Layer
  • Transport Layer
  • Application Layer
• Vendor Crawlers
  • Base Crawler
  • Protocol Numbers
  • Link Layer
  • Internet Layer
  • Transport Layer
  • Application Layer

Command Line Tool

Important

This module requires emoji package to be installed.

pcapkit.__main__ was originally the module file of jspcapy, which is now deprecated and merged with pcapkit.

usage: pcapkit-cli [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a]
                   [-v] [-F] [-E PKG] [-P PROTOCOL] [-L LAYER]
                   input-file-name

PCAP file extractor and formatted dumper

positional arguments:
  input-file-name       The name of input pcap file. If ".pcap" omits, it will
                        be automatically appended.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -o file-name, --output file-name
                        The name of input pcap file. If format extension
                        omits, it will be automatically appended.
  -f format, --format format
                        Print a extraction report in the specified output
                        format. Available are all formats supported by
                        dictdumper, e.g.: json, plist, and tree.
  -j, --json            Display extraction report as json. This will yield
                        "raw" output that may be used by external tools. This
                        option overrides all other options.
  -p, --plist           Display extraction report as macOS Property List
                        (plist). This will yield "raw" output that may be used
                        by external tools. This option overrides all other
                        options.
  -t, --tree            Display extraction report as tree view text. This will
                        yield "raw" output that may be used by external tools.
                        This option overrides all other options.
  -a, --auto-extension  If output file extension omits, append automatically.
  -v, --verbose         Show more information.
  -F, --files           Split each frame into different files.
  -E PKG, --engine PKG  Indicate extraction engine. Note that except default
                        or pcapkit engine, all other engines need support of
                        corresponding packages.
  -P PROTOCOL, --protocol PROTOCOL
                        Indicate extraction stops after which protocol.
  -L LAYER, --layer LAYER
                        Indicate extract frames until which layer.

Library Index

pcapkit has defined various and numerous functions and classes, which have different features and purposes. To make a simple index for this library, pcapkit.all contains all things from pcapkit.