Module Documentation

pcapkit is an independent open source library, using only DictDumper as its formatted output dumper.

Unlike popular PCAP file extractors, such as Scapy, DPKT, PyShark, and etc, pcapkit tends to provide comprehensive support to all protocols, including but not limited to their parameters and/or options, etc. Therefore, pcapkit contains enumeration registries used by protocols, independent protocol schema definitions as well as various customisable interfaces.

• User Interface
• Library Foundation
• Protocol Family
• Core Utilities
• Compatibility Tools
• Dump Utilities
• Module Utilities
• Constant Enumerations
• Vendor Crawlers

Library Index

pcapkit has defined various and numerous functions and classes, which have different features and purposes. To make a simple index for this library, pcapkit.all contains all things from pcapkit.

Command Line Tool

Important

This module requires emoji package to be installed.

pcapkit.__main__ was originally the module file of jspcapy, which is now deprecated and merged with pcapkit.

usage: pcapkit-cli [-h] [-V] [-o file-name] [-f format] [-j] [-p] [-t] [-a]
                   [-v] [-F] [-E PKG] [-P PROTOCOL] [-L LAYER]
                   input-file-name

PCAP file extractor and formatted dumper

positional arguments:
  input-file-name       The name of input pcap file. If ".pcap" omits, it will
                        be automatically appended.

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -o file-name, --output file-name
                        The name of input pcap file. If format extension
                        omits, it will be automatically appended.
  -f format, --format format
                        Print a extraction report in the specified output
                        format. Available are all formats supported by
                        dictdumper, e.g.: json, plist, and tree.
  -j, --json            Display extraction report as json. This will yield
                        "raw" output that may be used by external tools. This
                        option overrides all other options.
  -p, --plist           Display extraction report as macOS Property List
                        (plist). This will yield "raw" output that may be used
                        by external tools. This option overrides all other
                        options.
  -t, --tree            Display extraction report as tree view text. This will
                        yield "raw" output that may be used by external tools.
                        This option overrides all other options.
  -a, --auto-extension  If output file extension omits, append automatically.
  -v, --verbose         Show more information.
  -F, --files           Split each frame into different files.
  -E PKG, --engine PKG  Indicate extraction engine. Note that except default
                        or pcapkit engine, all other engines need support of
                        corresponding packages.
  -P PROTOCOL, --protocol PROTOCOL
                        Indicate extraction stops after which protocol.
  -L LAYER, --layer LAYER
                        Indicate extract frames until which layer.

Environment Variables

PCAPKIT_DEVMODE

If set to 1, pcapkit will run in development mode.

See also

pcapkit.utilities.logging.DEVMODE

PCAPKIT_VERBOSE

If set to 1, pcapkit will run with verbose output.

See also

pcapkit.utilities.logging.VERBOSE

PCAPKIT_HTTP_PROXY

HTTP proxy address for pcapkit.vendor crawlers.

PCAPKIT_HTTPS_PROXY

HTTPS proxy address for pcapkit.vendor crawlers.

PCAPKIT_SPHINX

If set to 1, pcapkit will run with Sphinx additional typing hints and docstrings support.

See also

pcapkit.utilities.logging.SPHINX_TYPE_CHECKING