Flow Tracing¶

Note

This was implemented at the demand of my mate @gousaiyang. It is a approximate functionality of Follow TCP Streams in Wireshark.

pcapkit.traceflow implements flow tracing functions for pcapkit package.

See also

For more information on customisation and extension, please refer to Customisation & Extensions.

All flow tracing classes are implemented as TraceFlow subclasses, which are responsible for processing extracted packets and follow the flow and/or stream to provide more insights. Below is a brief diagram of the class hierarchy of pcapkit.foundation.traceflow:

flowchart LR A{{TraceFlowMeta}} -.->|metaclass| B(TraceFlowBase) B --> TCP B --> C(TraceFlow) C --> D([user customisation ...]) click A "/pcapkit/foundation/traceflow/traceflow.html#pcapkit.foundation.traceflow.traceflow.TraceFlowMeta" click B "/pcapkit/foundation/traceflow/traceflow.html#pcapkit.foundation.traceflow.traceflow.TraceFlowBase" click C "/pcapkit/foundation/traceflow/traceflow.html#pcapkit.foundation.traceflow.traceflow.TraceFlow" click D "/ext.html#traceflow-and-flow-tracing" click TCP "/pcapkit/foundation/traceflow/tcp.html#pcapkit.foundation.traceflow.tcp.TCP"

Auxiliary Data¶

class pcapkit.foundation.traceflow.TraceFlowManager(*args: VT, **kwargs: VT)[source]¶

Bases: Info

TraceFlow Manager.

tcp: TCP_TraceFlow¶: TCP reassembly.

class pcapkit.foundation.traceflow.data.TraceFlowData(*args: VT, **kwargs: VT)[source]¶

Bases: Info

Data storage for flow tracing.

tcp: tuple[TCP_Index, ...]¶: TCP traced flows.