Scapy Tools

pcapkit.toolkit.scapy contains everything needed to use pcapkit conveniently with the Scapy engine. Every reforming function returns a flag indicating whether its result is usable by the caller.

pcapkit.toolkit.scapy.ipv4_reassembly(packet, *, count=NotImplemented)

Make data for IPv4 reassembly.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Keyword Arguments

count (int) – Packet index. If not provided, defaults to NotImplemented.

Returns

A tuple of data for IPv4 reassembly.

  • Whether the packet can be used for IPv4 reassembly. A packet can be reassembled if it contains an IPv4 layer (scapy.layers.inet.IP) and the DF (scapy.layers.inet.IP.flags.DF) flag is False.

  • If the packet can be reassembled, the dict mapping of data for IPv4 reassembly (ipv4.packet) is returned; otherwise, None is returned.

Return type

Tuple[bool, Dict[str, Any]]

See also

IPv4Reassembly
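
The (flag, data) contract described for ipv4_reassembly, as an added example that is not pcapkit's own code: it applies the same rule (IPv4 layer present, DF clear) to raw datagram bytes using only the standard library, then lets the flag decide which packets enter a reassembly buffer. The function names, dict keys and sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

def ipv4_reassembly_info(raw, *, count=NotImplemented):
    """Return (usable, data) for one raw IPv4 datagram (bytes)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return False, None                      # no IPv4 layer
    ihl = (raw[0] & 0x0F) * 4                   # header length in bytes
    tl, ident, flags_fo = struct.unpack("!HHH", raw[2:8])
    if ihl < 20 or tl < ihl or len(raw) < tl:
        return False, None                      # malformed or truncated header
    if flags_fo & 0x4000:
        return False, None                      # DF set: never fragmented
    src = ipaddress.ip_address(bytes(raw[12:16]))
    dst = ipaddress.ip_address(bytes(raw[16:20]))
    return True, {
        "bufid": (src, dst, ident, raw[9]),     # flow key: src, dst, ID, protocol
        "num": count,                           # packet index from the caller
        "fo": (flags_fo & 0x1FFF) * 8,          # fragment offset in bytes
        "mf": bool(flags_fo & 0x2000),          # more fragments follow
        "payload": bytes(raw[ihl:tl]),
    }

def reassemble(datagrams):
    """Join payloads per bufid; drop any datagram with a hole or overlap."""
    buffers = {}
    for count, raw in enumerate(datagrams, start=1):
        usable, data = ipv4_reassembly_info(raw, count=count)
        if usable:                              # the flag gates the caller
            buffers.setdefault(data["bufid"], []).append(data)
    done = {}
    for bufid, frags in buffers.items():
        frags.sort(key=lambda d: d["fo"])
        expected, chunks = 0, []
        for d in frags:
            if d["fo"] != expected:             # hole or overlap: refuse to guess
                break
            chunks.append(d["payload"])
            expected += len(d["payload"])
        else:
            if not frags[-1]["mf"]:             # final fragment was seen
                done[bufid] = b"".join(chunks)
    return done

def make_ipv4(ident, payload, *, fo=0, mf=False, df=False):
    """Constructed sample datagram (UDP protocol number, zero checksum)."""
    flags_fo = (0x4000 if df else 0) | (0x2000 if mf else 0) | (fo // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_fo,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload
```

Refusing to join fragments that leave a hole or overlap keeps the reassembled payload unambiguous, which matters when the output feeds detection or forensic tooling.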

pcapkit.toolkit.scapy.ipv6_reassembly(packet, *, count=NotImplemented)

Make data for IPv6 reassembly.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Keyword Arguments

count (int) – Packet index. If not provided, defaults to NotImplemented.

Returns

A tuple of data for IPv6 reassembly.

Return type

Tuple[bool, Dict[str, Any]]

Raises

ModuleNotFound – If Scapy is not installed.

See also

IPv6Reassembly

pcapkit.toolkit.scapy.packet2chain(packet)

Fetch Scapy packet protocol chain.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Returns

Colon (:) separated protocol chain.

Return type

str

Raises

ModuleNotFound – If Scapy is not installed.

pcapkit.toolkit.scapy.packet2dict(packet)

Convert Scapy packet into dict.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Returns

A dict mapping of packet data.

Return type

Dict[str, Any]

Raises

ModuleNotFound – If Scapy is not installed.

pcapkit.toolkit.scapy.tcp_reassembly(packet, *, count=NotImplemented)

Store data for TCP reassembly.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Keyword Arguments

count (int) – Packet index. If not provided, defaults to NotImplemented.

Returns

A tuple of data for TCP reassembly.

  • Whether the packet can be used for TCP reassembly. A packet can be reassembled if it contains a TCP layer (scapy.layers.inet.TCP).

  • If the packet can be reassembled, the dict mapping of data for TCP reassembly (tcp.packet) is returned; otherwise, None is returned.

Return type

Tuple[bool, Dict[str, Any]]

See also

TCPReassembly

pcapkit.toolkit.scapy.tcp_traceflow(packet, *, count=NotImplemented)

Trace packet flow for TCP.

Parameters

packet (scapy.packet.Packet) – Scapy packet.

Keyword Arguments

count (int) – Packet index. If not provided, defaults to NotImplemented.

Returns

A tuple of data for TCP flow tracing.

  • Whether the packet can be used for TCP flow tracing. A packet can be traced if it contains a TCP layer (scapy.layers.inet.TCP).

  • If the packet can be traced, the dict mapping of data for TCP flow tracing (trace.packet) is returned; otherwise, None is returned.

Return type

Tuple[bool, Dict[str, Any]]

See also

TraceFlow