Core User Interface

pcapkit.interface.core defines core user-oriented interfaces, variables, and etc., which wraps around the foundation classes from pcapkit.foundation.

PCAP Extration

pcapkit.interface.core.extract(fin=None, fout=None, format=None, auto=True, extension=True, store=True, files=False, nofile=False, verbose=False, engine=None, layer=None, protocol=None, ip=False, ipv4=False, ipv6=False, tcp=False, strict=True, trace=False, trace_fout=None, trace_format=None, trace_byteorder='little', trace_nanosecond=False)[source]

Extract a PCAP file.

Parameters

  • fin (Optional[str]) – file name to be read; if file not exist, raise FileNotFound

  • fout (Optional[str]) – file name to be written

  • format (Optional[Formats]) – file format of output

  • auto (bool) – if automatically run till EOF

  • extension (bool) – if check and append extensions to output file

  • store (bool) – if store extracted packet info

  • files (bool) – if split each frame into different files

  • nofile (bool) – if no output file is to be dumped

  • verbose (bool | VerboseHandler) – a bool value or a function takes the Extract instance and current parsed frame (depends on engine selected) as parameters to print verbose output information

  • engine (Optional[Engines]) – extraction engine to be used

  • layer (Optional[Layers | Type[Protocol]]) – extract til which layer

  • protocol (Optional[Protocols]) – extract til which protocol

  • ip (bool) – if record data for IPv4 & IPv6 reassembly

  • ipv4 (bool) – if perform IPv4 reassembly

  • ipv6 (bool) – if perform IPv6 reassembly

  • tcp (bool) – if perform TCP reassembly

  • strict (bool) – if set strict flag for reassembly

  • trace (bool) – if trace TCP traffic flows

  • trace_fout (Optional[str]) – path name for flow tracer if necessary

  • trace_format (Optional[Formats]) – output file format of flow tracer

  • trace_byteorder (Literal["big", "little"]) – output file byte order

  • trace_nanosecond (bool) – output nanosecond-resolution file flag

Returns

An Extractor object.

Return type

Extractor

Payload Reassembly

pcapkit.interface.core.reassemble(protocol, strict=False)[source]

Reassemble fragmented datagrams.

Parameters

  • protocol (str | Type[Protocol]) – protocol to be reassembled

  • strict (bool) – if return all datagrams (including those not implemented) when submit

Returns

A Reassembly object of corresponding protocol.

Raises

FormatError – If protocol is NOT any of IPv4, IPv6 or TCP.

Return type

Reassembly

TCP Flow Tracing

pcapkit.interface.core.trace(fout, format, byteorder='little', nanosecond=False)[source]

Trace TCP flows.

Parameters

  • fout (Optional[str]) – output path

  • format (Optional[str]) – output format

  • byteorder (Literal[‘little’, ‘big’]) – output file byte order

  • nanosecond (bool) – output nanosecond-resolution file flag

Return type

TraceFlow

Returns

A TraceFlow object.

Output File Formats

pcapkit.interface.core.TREE = 'tree'
pcapkit.interface.core.JSON = 'json'
pcapkit.interface.core.PLIST = 'plist'
pcapkit.interface.core.PCAP = 'pcap'

Layer Thresholds

pcapkit.interface.core.RAW = 'none'
pcapkit.interface.core.INET = 'internet'
pcapkit.interface.core.TRANS = 'transport'
pcapkit.interface.core.APP = 'application'

Extration Engines

pcapkit.interface.core.DPKT = 'dpkt'
pcapkit.interface.core.Scapy = 'scapy'
pcapkit.interface.core.PCAPKit = 'default'
pcapkit.interface.core.PyShark = 'pyshark'