User Interface¶
pcapkit.interface
defines several user-oriented
interfaces, variables, and etc. These interfaces are
designed to help and simplify the usage of pcapkit
.
PCAP Extration¶
-
pcapkit.interface.
extract
(fin=None, fout=None, format=None, auto=True, extension=True, store=True, files=False, nofile=False, verbose=False, engine=None, layer=None, protocol=None, ip=False, ipv4=False, ipv6=False, tcp=False, strict=True, trace=False, trace_fout=None, trace_format=None, trace_byteorder='little', trace_nanosecond=False)[source]¶ Extract a PCAP file.
- Parameters
fin (Optiona[str]) – file name to be read; if file not exist, raise
FileNotFound
fout (Optiona[str]) – file name to be written
format (Optional[Literal['plist', 'json', 'tree']]) – file format of output
auto (bool) – if automatically run till EOF
extension (bool) – if check and append extensions to output file
store (bool) – if store extracted packet info
files (bool) – if split each frame into different files
nofile (bool) – if no output file is to be dumped
verbose (bool) – if print verbose output information
engine (Optional[Literal['default', 'pcapkit', 'dpkt', 'scapy', 'pyshark', 'server', 'pipeline']]) – extraction engine to be used
layer (Optional[Literal['Link', 'Internet', 'Transport', 'Application']]) – extract til which layer
protocol (Optional[Union[str, Tuple[str], Type[Protocol]]]) – extract til which protocol
ip (bool) – if record data for IPv4 & IPv6 reassembly
ipv4 (bool) – if perform IPv4 reassembly
ipv6 (bool) – if perform IPv6 reassembly
tcp (bool) – if perform TCP reassembly
strict (bool) – if set strict flag for reassembly
trace (bool) – if trace TCP traffic flows
trace_fout (Optional[str]) – path name for flow tracer if necessary
trace_format (Optional[Literal['plist', 'json', 'tree', 'pcap']]) – output file format of flow tracer
trace_byteorder (Literal['little', 'big']) – output file byte order
trace_nanosecond (bool) – output nanosecond-resolution file flag
- Returns
Extractor – an
Extractor
object
Application Layer Analysis¶
-
pcapkit.interface.
analyse
(file, length=None)[source]¶ Analyse application layer packets.
- Parameters
file (Union[bytes, io.BytesIO]) – packet to be analysed
length (Optional[int]) – length of the analysing packet
- Returns
an
Analysis
object- Return type
Analysis
Payload Reassembly¶
-
pcapkit.interface.
reassemble
(protocol, strict=False)[source]¶ Reassemble fragmented datagrams.
- Parameters
- Returns
a
Reassembly
object of corresponding protocol- Return type
Union[IPv4_Reassembly, IPv6_Reassembly, TCP_Reassembly]
- Raises
FormatError – If
protocol
is NOT any of IPv4, IPv6 or TCP.
TCP Flow Tracing¶
Output File Formats¶
-
pcapkit.interface.
TREE
= 'tree'¶
-
pcapkit.interface.
JSON
= 'json'¶
-
pcapkit.interface.
PLIST
= 'plist'¶
-
pcapkit.interface.
PCAP
= 'pcap'¶