PyPCAPKit Tools

pcapkit.toolkit.default contains everything you need for convenient use of pcapkit. All functions return with a flag indicating whether the result is usable by the caller.

pcapkit.toolkit.default.ipv4_reassembly(frame)[source]

Make data for IPv4 reassembly.

Parameters

frame (Frame) – PCAP frame.

Returns

Data for IPv4 reassembly.

  • Whether the frame can be used for IPv4 reassembly. A frame can be reassembled if it contains an IPv4 layer (pcapkit.protocols.internet.ipv4.IPv4) and the DF flag (IPv4.flags.df) is False.

  • If the frame can be reassembled, the dict mapping of data for IPv4 reassembly (cf. ipv4.packet) is returned; otherwise, None is returned.

Return type

IP_Packet[IPv4Address] | None

See also

pcapkit.foundation.reassembly.ipv4.IPv4Reassembly
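
The eligibility rule above (an IPv4 layer with DF clear), as an added standard-library example that is not pcapkit code. The dict keys `bufid`, `fo`, `mf` and `payload`, the helper names and the sample addresses are assumptions for illustration, not the library's ipv4.packet structure.

```python
import struct
from ipaddress import IPv4Address

def ipv4_reassembly_info(packet: bytes):
    """Return reassembly data for a raw IPv4 packet, or None if it is not a candidate."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                  # no complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        return None                                  # malformed or truncated
    if flags_frag & 0x4000:                          # DF set: not a candidate
        return None
    # DF clear: candidate, even if this packet happens to be unfragmented.
    return {
        "bufid": (IPv4Address(packet[12:16]), IPv4Address(packet[16:20]),
                  ident, packet[9]),                 # src, dst, id, protocol
        "fo": (flags_frag & 0x1FFF) * 8,             # fragment offset in bytes
        "mf": bool(flags_frag & 0x2000),             # more fragments follow
        "payload": packet[ihl:total_len],
    }

def reassemble(infos):
    """Join the fragments of one bufid; None on a hole, an overlap or a missing tail."""
    data, complete = bytearray(), False
    for info in sorted(infos, key=lambda i: i["fo"]):
        if info["fo"] != len(data):
            return None                              # hole or overlap: refuse to guess
        data += info["payload"]
        complete = not info["mf"]
    return bytes(data) if complete else None

def build_fragment(ident, offset, mf, payload, df=False):
    """Constructed sample packet: 20-byte header (checksum left at 0) plus payload."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                       64, 17, 0, IPv4Address("192.0.2.1").packed,
                       IPv4Address("198.51.100.7").packed) + payload

if __name__ == "__main__":
    frags = [build_fragment(0x1234, 16, False, b"B" * 8),
             build_fragment(0x1234, 0, True, b"A" * 16)]
    print(reassemble([ipv4_reassembly_info(f) for f in frags]))
```

Rejecting overlapping fragments instead of merging them is a choice made in this example; reassemblers differ on overlap handling, and that difference is what lets a sensor and an end host reconstruct different payloads from the same capture.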

pcapkit.toolkit.default.ipv6_reassembly(frame)[source]

Make data for IPv6 reassembly.

Parameters

frame (Frame) – PCAP frame.

Returns

A tuple of data for IPv6 reassembly.

Return type

Tuple[bool, Dict[str, Any]]

See also

pcapkit.foundation.reassembly.ipv6.IPv6Reassembly

pcapkit.toolkit.default.tcp_reassembly(frame)[source]

Make data for TCP reassembly.

Parameters

frame (Frame) – PCAP frame.

Returns

A tuple of data for TCP reassembly.

  • Whether the frame can be used for TCP reassembly. A frame can be reassembled if it contains a TCP layer (pcapkit.protocols.transport.tcp.TCP).

  • If the frame can be reassembled, the dict mapping of data for TCP reassembly (tcp.packet) is returned; otherwise, None is returned.

Return type

Tuple[bool, Dict[str, Any]]

See also

pcapkit.foundation.reassembly.tcp.TCPReassembly

pcapkit.toolkit.default.tcp_traceflow(frame, *, data_link)[source]

Trace packet flow for TCP.

Parameters

  • frame (Frame) – PCAP frame.

  • data_link (LinkType) – Data link layer protocol (from global header).

Returns

Data for TCP reassembly.

  • Whether the packet can be used for TCP flow tracing. A frame can be reassembled if it contains a TCP layer (pcapkit.protocols.transport.tcp.TCP).

  • If the frame can be reassembled, the dict mapping of data for TCP flow tracing (trace.packet) is returned; otherwise, None is returned.

Return type

TF_Packet | None