Analyser for Application Layer

pcapkit.foundation.analysis works as the headquarters for analysing and matching application layer protocols. It then calls the corresponding modules and functions to extract the attributes.

pcapkit.foundation.analysis._analyse_ftp(file, *args, seekset=0, **kw)

Analyse FTP packet.

Parameters
  • file (io.BytesIO) – source data stream

  • length (Optional[int]) – packet length

Keyword Arguments

seekset (int) – original file offset

Returns

If the packet is FTP, returns True and parsed FTP packet; otherwise returns False and None.

Return type

Tuple[bool, Optional[HTTPv1]]

pcapkit.foundation.analysis._analyse_httpv1(file, *args, seekset=0, **kw)

Analyse HTTP/1.* packet.

Parameters
  • file (io.BytesIO) – source data stream

  • length (Optional[int]) – packet length

Keyword Arguments

seekset (int) – original file offset

Returns

If the packet is HTTP/1.*, returns True and parsed HTTP/1.* packet; otherwise returns False and None.

Return type

Tuple[bool, Optional[HTTPv1]]

pcapkit.foundation.analysis._analyse_httpv2(file, *args, seekset=0, **kw)

Analyse HTTP/2 packet.

Parameters
  • file (io.BytesIO) – source data stream

  • length (Optional[int]) – packet length

Keyword Arguments

seekset (int) – original file offset

Returns

If the packet is HTTP/2, returns True and parsed HTTP/2 packet; otherwise returns False and None.

Return type

Tuple[bool, Optional[HTTPv1]]

pcapkit.foundation.analysis.analyse(file, length=None, *, termination=False)

Analyse application layer packets.

Parameters
  • file (io.BytesIO) – source data stream

  • length (Optional[int]) – packet length

Keyword Arguments

termination (bool) – Whether to terminate parsing of the application layer protocol.

Returns

Parsed application layer protocol.

Return type

Protocol

Notes

Currently, the analysis proceeds in the following order:

  1. FTP

  2. HTTP/1.*

  3. HTTP/2

with Raw as the fallback result.
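
The fall-through order in the notes above, as an added sketch that is not pcapkit's own code: the three matchers are hypothetical heuristics, and `analyse_sketch` and the `try_*` names are invented here. It assumes `termination=True` skips matching and returns the Raw fallback, and that every attempt restarts from the `seekset` offset.

```python
import io
import re

# Hypothetical heuristics for illustration; not pcapkit's parsers.
FTP_RE = re.compile(rb"(?:\d{3}[ -]|(?:USER|PASS|RETR|STOR|LIST|QUIT)\b)")
HTTP1_RE = re.compile(rb"(?:[A-Z]+ \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3})")

def try_ftp(file, seekset=0):
    file.seek(seekset)                      # always start from the payload offset
    line = file.readline()
    if line.endswith(b"\r\n") and FTP_RE.match(line):
        return True, ("FTP", line.rstrip())
    return False, None

def try_httpv1(file, seekset=0):
    file.seek(seekset)
    line = file.readline()
    if HTTP1_RE.match(line):
        return True, ("HTTP/1.*", line.rstrip())
    return False, None

def try_httpv2(file, seekset=0):
    file.seek(seekset)
    head = file.read(9)                     # frame header: length(3) type(1) flags(1) stream id(4)
    if len(head) < 9:
        return False, None
    length, ftype = int.from_bytes(head[:3], "big"), head[3]
    # Frame types 0x0-0x9 are defined by RFC 7540; the payload must be fully present.
    if ftype > 0x09 or len(file.read(length)) != length:
        return False, None
    return True, ("HTTP/2", ftype)

def analyse_sketch(file, termination=False):
    seekset = file.tell()                   # remember where the payload begins
    if not termination:                     # assumption: True skips matching entirely
        for analyser in (try_ftp, try_httpv1, try_httpv2):  # documented order
            ok, parsed = analyser(file, seekset=seekset)
            if ok:
                return parsed               # first match wins
    file.seek(seekset)                      # a failed attempt may have moved the cursor
    return ("Raw", file.read())

if __name__ == "__main__":
    # Constructed sample payloads.
    for payload in (b"220 Service ready\r\n", b"GET / HTTP/1.1\r\n\r\n",
                    b"\x00\x00\x00\x04\x00\x00\x00\x00\x00", b"\x16\x03\x01\x00\x02hi"):
        print(analyse_sketch(io.BytesIO(payload)))
```

Because the first matcher to succeed decides the result, a payload that satisfies more than one heuristic is labelled by whichever comes first in the order, which is worth keeping in mind when relying on the label during traffic triage.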