Core Interface
pcapkit.interface.core defines core user-oriented
interfaces, variables, etc., which wrap around the
foundation classes from pcapkit.foundation.
- pcapkit.interface.core.extract(fin=None, fout=None, format=None, auto=True, extension=True, store=True, files=False, nofile=False, verbose=False, engine=None, layer=None, protocol=None, reassembly=False, reasm_strict=True, reasm_store=True, trace=False, trace_fout=None, trace_format=None, trace_byteorder='little', trace_nanosecond=False, ip=False, ipv4=False, ipv6=False, tcp=False, buffer_size=8192, buffer_save=False, buffer_path=None, no_eof=False)
Extract a PCAP file.
- Parameters:
  - fin (Union[str, IO[bytes], None]) – file name to be read or a binary IO object; if the file does not exist, raise FileNotFound
  - format (Optional[Literal['pcap', 'json', 'tree', 'plist']]) – file format of output
  - auto (bool) – if automatically run till EOF
  - extension (bool) – if check and append extensions to output file
  - store (bool) – if store extracted packet info
  - files (bool) – if split each frame into different files
  - nofile (bool) – if no output file is to be dumped
  - verbose (Union[bool, Callable[[Extractor, Union[Frame, PCAPNG, Packet, Packet, Packet]], Any]]) – a bool value or a function that takes the Extractor instance and the current parsed frame (depends on the engine selected) as parameters to print verbose output information
  - engine (Optional[Literal['default', 'pcapkit', 'dpkt', 'scapy', 'pyshark']]) – extraction engine to be used
  - layer (Union[Literal['link', 'internet', 'transport', 'application', 'none'], None, Type[ProtocolBase]]) – extract until which layer
  - protocol (Union[str, ProtocolBase, Type[ProtocolBase], None]) – extract until which protocol
  - reassembly (bool) – if perform reassembly
  - reasm_strict (bool) – if set strict flag for reassembly
  - reasm_store (bool) – if store reassembled datagrams
  - trace (bool) – if trace TCP traffic flows
  - trace_fout (Optional[str]) – path name for flow tracer if necessary
  - trace_format (Optional[Literal['pcap', 'json', 'tree', 'plist']]) – output file format of flow tracer
  - trace_byteorder (Literal['big', 'little']) – output file byte order
  - trace_nanosecond (bool) – output nanosecond-resolution file flag
  - ip (bool) – if record data for IPv4 & IPv6 reassembly (must be used with reassembly=True)
  - ipv4 (bool) – if perform IPv4 reassembly (must be used with reassembly=True)
  - ipv6 (bool) – if perform IPv6 reassembly (must be used with reassembly=True)
  - tcp (bool) – if perform TCP reassembly and/or flow tracing (must be used with reassembly=True or trace=True)
  - buffer_size (int) – buffer size for reading input file (for SeekableReader only)
  - buffer_save (bool) – if save buffer to file (for SeekableReader only)
  - buffer_path (Optional[str]) – path name for buffer file if necessary (for SeekableReader only)
- Return type:
- Returns:
  An Extractor object.
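
The parameter list above requires ip, ipv4 and ipv6 to be combined with reassembly=True, and tcp with reassembly=True or trace=True. The following is an added example, not part of PyPCAPKit or its documentation, that checks those rules and the documented literal values before handing the options to extract(). The helper names check_extract_options and checked_extract are hypothetical, and whether the library itself rejects such combinations is not stated on this page.

```python
# Allowed literals, copied from the parameter list and constants on this page.
FORMATS = {"pcap", "json", "tree", "plist"}
LAYERS = {"link", "internet", "transport", "application", "none"}
ENGINES = {"default", "pcapkit", "dpkt", "scapy", "pyshark"}
BYTEORDERS = {"big", "little"}


def check_extract_options(**kw):
    """Return a list of problems found in keyword arguments meant for extract()."""
    problems = []
    literals = (("format", FORMATS), ("trace_format", FORMATS),
                ("engine", ENGINES), ("trace_byteorder", BYTEORDERS))
    for name, allowed in literals:
        value = kw.get(name)
        if value is not None and value not in allowed:
            problems.append(f"{name}={value!r} is not one of {sorted(allowed)}")
    # layer may also be a protocol class, so only string values are checked.
    layer = kw.get("layer")
    if isinstance(layer, str) and layer not in LAYERS:
        problems.append(f"layer={layer!r} is not one of {sorted(LAYERS)}")
    reassembly, trace = kw.get("reassembly", False), kw.get("trace", False)
    # ip / ipv4 / ipv6 are documented as requiring reassembly=True.
    for flag in ("ip", "ipv4", "ipv6"):
        if kw.get(flag) and not reassembly:
            problems.append(f"{flag}=True must be used with reassembly=True")
    # tcp serves reassembly and/or flow tracing, so one of them must be on.
    if kw.get("tcp") and not (reassembly or trace):
        problems.append("tcp=True must be used with reassembly=True or trace=True")
    return problems


def checked_extract(fin, **kw):
    """Validate the options, then hand them to pcapkit's extract()."""
    problems = check_extract_options(**kw)
    if problems:
        raise ValueError("; ".join(problems))
    # Imported here so the check itself runs without PyPCAPKit installed.
    from pcapkit.interface.core import extract
    return extract(fin=fin, **kw)


if __name__ == "__main__":
    # Constructed option sets; the second one breaks three documented rules.
    good = dict(nofile=True, reassembly=True, ipv4=True, tcp=True)
    bad = dict(nofile=True, ipv6=True, tcp=True, format="xml")
    print(check_extract_options(**good))
    for line in check_extract_options(**bad):
        print("rejected:", line)
```
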
- pcapkit.interface.core.reassemble(protocol, strict=False)
Reassemble fragmented datagrams.
- Parameters:
  - protocol (Union[str, Type[ProtocolBase]]) – protocol to be reassembled
  - strict (bool) – if return all datagrams (including those not implemented) when submit
- Return type:
- Returns:
  A Reassembly object of corresponding protocol.
- Raises:
  FormatError – If protocol is NOT any of IPv4, IPv6 or TCP.
- pcapkit.interface.core.trace(protocol, fout, format, byteorder='little', nanosecond=False)
Trace flows.
- Parameters:
- Return type:
- Returns:
  A TraceFlow object.
- Raises:
  FormatError – If protocol is NOT TCP.
Constants Definition
Output File Formats
- pcapkit.interface.core.TREE = 'tree'
- pcapkit.interface.core.JSON = 'json'
- pcapkit.interface.core.PLIST = 'plist'
- pcapkit.interface.core.PCAP = 'pcap'
Layer Thresholds
- pcapkit.interface.core.RAW = 'none'
- pcapkit.interface.core.LINK = 'link'
- pcapkit.interface.core.INET = 'internet'
- pcapkit.interface.core.TRANS = 'transport'
- pcapkit.interface.core.APP = 'application'
Extraction Engines
- pcapkit.interface.core.DPKT = 'dpkt'
- pcapkit.interface.core.Scapy = 'scapy'
- pcapkit.interface.core.PCAPKit = 'default'
- pcapkit.interface.core.PyShark = 'pyshark'