PCAP-NG File Format#

pcapkit.protocols.misc.pcapng contains PCAPNG only, which implements extractor for PCAP-NG file format [*].

class pcapkit.protocols.misc.pcapng.PCAPNG(file=None, length=None, **kwargs)[source]#

Bases: ProtocolBase[PCAPNG, PCAPNG]

PCAP-NG file block extractor.

The class currently supports parsing of the following protocols, which are registered in the self.__proto__ attribute:

Index

Protocol

pcapkit.const.reg.linktype.LinkType.ETHERNET

pcapkit.protocols.link.ethernet.Ethernet

pcapkit.const.reg.linktype.LinkType.IPV4

pcapkit.protocols.internet.ipv4.IPv4

pcapkit.const.reg.linktype.LinkType.IPV6

pcapkit.protocols.internet.ipv6.IPv6

The class currently supports parsing of the following block types, which are registered in the self.__block__ attribute:

Block Type

Block Parser

Block Constructor

Section_Header_Block

_read_block_shb()

_make_block_shb()

Interface_Description_Block

_read_block_idb()

_make_block_idb()

Enhanced_Packet_Block

_read_block_epb()

_make_block_epb()

Simple_Packet_Block

_read_block_spb()

_make_block_spb()

Name_Resolution_Block

_read_block_nrb()

_make_block_nrb()

Interface_Statistics_Block

_read_block_isb()

_make_block_isb()

systemd_Journal_Export_Block

_read_block_systemd()

_make_block_systemd()

Decryption_Secrets_Block

_read_block_dsb()

_make_block_dsb()

Custom_Block_that_rewriters_can_copy_into_new_files

_read_block_cb()

_make_block_cb()

Custom_Block_that_rewriters_should_not_copy_into_new_files

_read_block_cb()

_make_block_cb()

Packet_Block

_read_block_packet()

_make_block_packet()

The class currently supports parsing of the following option types, which are registered in the self.__option__ attribute:

Option Type

Option Parser

Option Constructor

opt_endofopt

_read_option_endofopt()

_make_option_endofopt()

opt_comment

_read_option_comment()

_make_option_comment()

if_name

_read_option_if_name()

_make_option_if_name()

if_description

_read_option_if_description()

_make_option_if_description()

if_IPv4addr

_read_option_if_ipv4()

_make_option_if_ipv4()

if_IPv6addr

_read_option_if_ipv6()

_make_option_if_ipv6()

if_MACaddr

_read_option_if_mac()

_make_option_if_mac()

if_EUIaddr

_read_option_if_eui()

_make_option_if_eui()

if_speed

_read_option_if_speed()

_make_option_if_speed()

if_tsresol

_read_option_if_tsresol()

_make_option_if_tsresol()

if_tzone

_read_option_if_tzone()

_make_option_if_tzone()

if_filter

_read_option_if_filter()

_make_option_if_filter()

if_os

_read_option_if_os()

_make_option_if_os()

if_fcslen

_read_option_if_fcslen()

_make_option_if_fcslen()

if_tsoffset

_read_option_if_tsoffset()

_make_option_if_tsoffset()

if_hardware

_read_option_if_hardware()

_make_option_if_hardware()

if_txspeed

_read_option_if_txspeed()

_make_option_if_txspeed()

if_rxspeed

_read_option_if_rxspeed()

_make_option_if_rxspeed()

epb_flags

_read_option_epb_flags()

_make_option_epb_flags()

epb_hash

_read_option_epb_hash()

_make_option_epb_hash()

epb_dropcount

_read_option_epb_dropcount()

_make_option_epb_dropcount()

epb_packetid

_read_option_epb_packetid()

_make_option_epb_packetid()

epb_queue

_read_option_epb_queue()

_make_option_epb_queue()

epb_verdict

_read_option_epb_verdict()

_make_option_epb_verdict()

ns_dnsname

_read_option_ns_dnsname()

_make_option_ns_dnsname()

ns_dnsIP4addr

_read_option_ns_dnsipv4()

_make_option_ns_dnsipv4()

ns_dnsIP6addr

_read_option_ns_dnsipv6()

_make_option_ns_dnsipv6()

isb_starttime

_read_option_isb_starttime()

_make_option_isb_starttime()

isb_endtime

_read_option_isb_endtime()

_make_option_isb_endtime()

isb_ifrecv

_read_option_isb_ifrecv()

_make_option_isb_ifrecv()

isb_ifdrop

_read_option_isb_ifdrop()

_make_option_isb_ifdrop()

isb_filteraccept

_read_option_isb_filteraccept()

_make_option_isb_filteraccept()

isb_osdrop

_read_option_isb_osdrop()

_make_option_isb_osdrop()

isb_usrdeliv

_read_option_isb_usrdeliv()

_make_option_isb_usrdeliv()

pack_flags

_read_option_epb_flags()

_make_option_epb_flags()

pack_hash

_read_option_epb_hash()

_make_option_epb_hash()

The class currently supports parsing of the following systemd(1) journal export record types, which are registered in the self.__record__ attribute:

Record Type

Record Parser

Record Constructor

nrb_record_end

_read_record_end()

_make_record_end()

nrb_record_ipv4

_read_record_ipv4()

_make_record_ipv4()

nrb_record_ipv6

_read_record_ipv6()

_make_record_ipv6()

The class currently supports parsing of the following decryption secrets types, which are registered in the self.__secrets__ attribute:

Secrets Type

Secrets Parser

Secrets Constructor

TLS_Key_Log

_read_secrets_tls()

_make_secrets_tls()

WireGuard_Key_Log

_read_secrets_wireguard()

_make_secrets_wireguard()

ZigBee_NWK_Key

_read_secrets_zigbee_nwk()

_make_secrets_zigbee_nwk()

ZigBee_APS_Key

_read_secrets_zigbee_aps()

_make_secrets_zigbee_aps()
property name: str#

Name of corresponding protocol.

property length: int#

Header length of corresponding protocol.

property context: Context#

Context of current PCAP-NG block.

property byteorder: Literal['big', 'little']#

Byteorder of the current block.

property nanosecond: bool#

Whether the timestamp is in nanosecond.

property ts_resolution: int#

Timestamp resolution of the current block, in units per second.

property ts_offset: int#

Timestamp offset of the current block, in seconds.

property ts_timezone: timezone#

Timezone of the current block.

property linktype: LinkType#

Data link layer protocol type.

Raises:

UnsupportedCall – If current block is not a valid packet block, i.e., EPB, ISB or obsolete Packet Block.

property block: BlockType#

PCAP-NG block type.

classmethod register(code, protocol)[source]#

Register a new protocol class.

Notes

The full qualified class name of the new protocol class should be as {protocol.module}.{protocol.name}.

Parameters:
Return type:

None

classmethod register_block(code, meth)[source]#

Register a block parser.

Parameters:
Return type:

None

classmethod register_option(code, meth)[source]#

Register a option parser.

Parameters:
Return type:

None

classmethod register_record(code, meth)[source]#

Register a systemd(1) journal export record parser.

Parameters:
Return type:

None

classmethod register_secrets(code, meth)[source]#

Register a decryption secrets parser.

Parameters:
Return type:

None

unpack(length=None, **kwargs)[source]#

Unpack (parse) packet data.

Parameters:

  • length (Optional[int]) – Length of packet data.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

PCAPNG

Returns:

Parsed packet data.

Notes

We used a special keyword argument __packet__ to pass the global packet data to underlying methods. This is useful when the packet data is not available in the current instance.

pack(**kwargs)[source]#

Pack (construct) packet data.

Parameters:

**kwargs (Any) – Arbitrary keyword arguments.

Return type:

bytes

Returns:

Constructed packet data.

Notes

We used a special keyword argument __packet__ to pass the global packet data to underlying methods. This is useful when the packet data is not available in the current instance.

read(length=None, *, _read=True, _seek_set=0, **kwargs)[source]#

Read PCAP-NG file blocks.

Structure of PCAP-NG file blocks:

                       1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 |                          Block Type                           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4 |                      Block Total Length                       |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
8 /                          Block Body                           /
  /              variable length, padded to 32 bits               /
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Block Total Length                       |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:

  • length (Optional[int]) – Length of data to be read.

  • _read – If the class is called in a parsing scenario.

  • _seek_set – File offset before reading.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

PCAPNG

Returns:

Parsed packet data.

make(type=BlockType.Simple_Packet_Block, type_default=None, type_namespace=None, type_reversed=False, block=b'', **kwargs)[source]#

Make PCAP-NG block data.

Parameters:
Return type:

PCAPNG

Returns:

Constructed packet data.

index(name)[source]#

Call ProtoChain.index.

Parameters:

name (Union[str, ProtocolBase, Type[ProtocolBase]]) – name to be searched

Return type:

int

Returns:

First index of name.

Raises:

IndexNotFound – if name is not present

_decode_next_layer(dict_, proto=None, length=None, *, packet=None)[source]#

Decode next layer protocol.

Parameters:
Return type:

PCAPNG

Returns:

Current protocol with packet extracted.

Notes

We added a new key __next_type__ to dict_ to store the next layer protocol type, and a new key __next_name__ to store the next layer protocol name. These two keys will NOT be included when Info.to_dict is called.

We also added a new key protocols to dict_ to store the protocol chain of the current packet (frame).

_get_payload()[source]#

Get payload of self.__header__.

Return type:

bytes

Returns:

Payload of self.__header__ as bytes.

See also

This is a wrapper function for pcapkit.protocols.schema.Schema.get_payload().

classmethod _make_data(data)[source]#

Create key-value pairs from data for protocol construction.

Parameters:

data (PCAPNG) – protocol data

Return type:

dict[str, Any]

Returns:

Key-value pairs for protocol construction.

_read_block_unknown(schema, *, header)[source]#

Read unknown PCAP-NG block.

Parameters:

  • schema (UnknownBlock) – Parsed block schema.

  • header (PCAPNG) – Parsed PCAP-NG header schema.

Return type:

UnknownBlock

Returns:

Parsed packet data.

_read_block_shb(schema, *, header)[source]#

Read PCAP-NG section header block (SHB).

Structure of Section Header Block:

    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                   Block Type = 0x0A0D0D0A                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                      Byte-Order Magic                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |          Major Version        |         Minor Version         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                                                               |
   |                          Section Length                       |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
24 /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

SectionHeaderBlock

Returns:

Parsed packet data.

_read_block_idb(schema, *, header)[source]#

Read PCAP-NG interface description block (IDB).

Structure of Interface Description Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                    Block Type = 0x00000001                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |           LinkType            |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                            SnapLen                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

InterfaceDescriptionBlock

Returns:

Parsed packet data.

_read_block_epb(schema, *, header)[source]#

Read PCAP-NG enhanced packet block (EPB).

Structure of Enhanced Packet Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                    Block Type = 0x00000006                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                         Interface ID                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                        Timestamp (High)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                        Timestamp (Low)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
20 |                    Captured Packet Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
24 |                    Original Packet Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
28 /                                                               /
   /                          Packet Data                          /
   /              variable length, padded to 32 bits               /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

EnhancedPacketBlock

Returns:

Parsed packet data.

_read_block_spb(schema, *, header)[source]#

Read PCAP-NG simple packet block (SPB).

Structure of Simple Packet Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                    Block Type = 0x00000003                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                    Original Packet Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 /                                                               /
   /                          Packet Data                          /
   /              variable length, padded to 32 bits               /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

SimplePacketBlock

Returns:

Parsed packet data.

_read_block_nrb(schema, *, header)[source]#

Read PCAP-NG name resolution block (NRB).

Structure of Name Resolution Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                    Block Type = 0x00000004                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |      Record Type              |      Record Value Length      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 /                       Record Value                            /
   /              variable length, padded to 32 bits               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                  . . . other records . . .                    .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Record Type = nrb_record_end |   Record Value Length = 0     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

NameResolutionBlock

Returns:

Parsed packet data.

_read_block_isb(schema, *, header)[source]#

Read PCAP-NG interface statistics block (ISB).

Structure of Interface Statistics Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                   Block Type = 0x00000005                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                         Interface ID                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                        Timestamp (High)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                        Timestamp (Low)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
20 /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

InterfaceStatisticsBlock

Returns:

Parsed packet data.

_read_block_systemd(schema, *, header)[source]#

Read PCAP-NG systemd(1) journal export block.

Structure of systemd(1) Journal Export Block:

                       1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 |                    Block Type = 0x00000009                    |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
4 |                      Block Total Length                       |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
8 /                                                               /
  /                         Journal Entry                         /
  /              variable length, padded to 32 bits               /
  /                                                               /
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Block Total Length                       |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

SystemdJournalExportBlock

Returns:

Parsed packet data.

_read_block_dsb(schema, *, header)[source]#

Read PCAP-NG decryption secrets block (DSB).

Structure of Decryption Secrets Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                   Block Type = 0x0000000A                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                          Secrets Type                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                         Secrets Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 /                                                               /
   /                          Secrets Data                         /
   /              (variable length, padded to 32 bits)             /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                       Options (variable)                      /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       Block Total Length                      /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

DecryptionSecretsBlock

Returns:

Parsed packet data.

_read_block_cb(schema, *, header)[source]#

Read PCAP-NG custom block (CB).

Structure of Custom Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |             Block Type = 0x00000BAD or 0x40000BAD             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                Private Enterprise Number (PEN)                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 /                                                               /
   /                          Custom Data                          /
   /              variable length, padded to 32 bits               /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:

  • schema (CustomBlock) – Parsed block schema.

  • header (PCAPNG) – Parsed PCAP-NG header schema.

Return type:

CustomBlock

Returns:

Parsed packet data.

_read_block_packet(schema, *, header)[source]#

Read PCAP-NG packet block (obsolete).

Structure of Packet Block:

                        1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 0 |                    Block Type = 0x00000002                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |         Interface ID          |          Drops Count          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                        Timestamp (High)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                        Timestamp (Low)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
20 |                    Captured Packet Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
24 |                    Original Packet Length                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
28 /                                                               /
   /                          Packet Data                          /
   /              variable length, padded to 32 bits               /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                                                               /
   /                      Options (variable)                       /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:

  • schema (PacketBlock) – Parsed block schema.

  • header (PCAPNG) – Parsed PCAP-NG header schema.

Return type:

PacketBlock

Returns:

Parsed packet data.

_read_pcapng_options(options_schema)[source]#

Read PCAP-NG options.

Structure of PCAP-NG option:

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Option Code              |         Option Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                       Option Value                            /
/              variable length, padded to 32 bits               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                                                               /
/                 . . . other options . . .                     /
/                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Option Code == opt_endofopt |   Option Length == 0          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:

options_schema (list[Option]) – Parsed PCAP-NG options.

Return type:

OrderedMultiDict[OptionType, Option]

Returns:

Parsed PCAP-NG options data.

_read_option_unknown(schema, *, options)[source]#

Read unknown PCAP-NG option.

Parameters:
Return type:

UnknownOption

Returns:

Constructed option data.

_read_option_endofopt(schema, *, options)[source]#

Read PCAP-NG opt_endofopt option.

Parameters:
Return type:

EndOfOption

Returns:

Constructed option data.

_read_option_comment(schema, *, options)[source]#

Read PCAP-NG opt_comment option.

Parameters:
Return type:

CommentOption

Returns:

Constructed option data.

_read_option_custom(schema, *, options)[source]#

Read PCAP-NG opt_custom option.

Structure of PCAP-NG opt_custom option:

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Custom Option Code        |         Option Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Private Enterprise Number (PEN)                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/                        Custom Data                            /
/              variable length, padded to 32 bits               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Parameters:
Return type:

CustomOption

Returns:

Constructed option data.

_read_option_if_name(schema, *, options)[source]#

Read PCAP-NG if_name option.

Parameters:
Return type:

IF_NameOption

Returns:

Constructed option data.

_read_option_if_description(schema, *, options)[source]#

Read PCAP-NG if_description option.

Parameters:
Return type:

IF_DescriptionOption

Returns:

Constructed option data.

_read_option_if_ipv4(schema, *, options)[source]#

Read PCAP-NG if_IPv4addr option.

Parameters:
Return type:

IF_IPv4AddrOption

Returns:

Constructed option data.

_read_option_if_ipv6(schema, *, options)[source]#

Read PCAP-NG if_IPv6addr option.

Parameters:
Return type:

IF_IPv6AddrOption

Returns:

Constructed option data.

_read_option_if_mac(schema, *, options)[source]#

Read PCAP-NG if_MACaddr option.

Parameters:
Return type:

IF_MACAddrOption

Returns:

Constructed option data.

_read_option_if_eui(schema, *, options)[source]#

Read PCAP-NG if_EUIaddr option.

Parameters:
Return type:

IF_EUIAddrOption

Returns:

Constructed option data.

_read_option_if_speed(schema, *, options)[source]#

Read PCAP-NG if_speed option.

Parameters:
Return type:

IF_SpeedOption

Returns:

Constructed option data.

_read_option_if_tsresol(schema, *, options)[source]#

Read PCAP-NG if_tsresol option.

Parameters:
Return type:

IF_TSResolOption

Returns:

Constructed option data.

_read_option_if_tzone(schema, *, options)[source]#

Read PCAP-NG if_tzone option.

Parameters:
Return type:

IF_TZoneOption

Returns:

Constructed option data.

_read_option_if_filter(schema, *, options)[source]#

Read PCAP-NG if_filter option.

Parameters:
Return type:

IF_FilterOption

Returns:

Constructed option data.

_read_option_if_os(schema, *, options)[source]#

Read PCAP-NG if_os option.

Parameters:
Return type:

IF_OSOption

Returns:

Constructed option data.

_read_option_if_fcslen(schema, *, options)[source]#

Read PCAP-NG if_fcslen option.

Parameters:
Return type:

IF_FCSLenOption

Returns:

Constructed option data.

_read_option_if_tsoffset(schema, *, options)[source]#

Read PCAP-NG if_tsoffset option.

Parameters:
Return type:

IF_TSOffsetOption

Returns:

Constructed option data.

_read_option_if_hardware(schema, *, options)[source]#

Read PCAP-NG if_hardware option.

Parameters:
Return type:

IF_HardwareOption

Returns:

Constructed option data.

_read_option_if_txspeed(schema, *, options)[source]#

Read PCAP-NG if_txspeed option.

Parameters:
Return type:

IF_TxSpeedOption

Returns:

Constructed option data.

_read_option_if_rxspeed(schema, *, options)[source]#

Read PCAP-NG if_rxspeed option.

Parameters:
Return type:

IF_RxSpeedOption

Returns:

Constructed option data.

_read_option_epb_flags(schema, *, options)[source]#

Read PCAP-NG epb_flags option.

Parameters:
Return type:

EPB_FlagsOption

Returns:

Constructed option data.

_read_option_epb_hash(schema, *, options)[source]#

Read PCAP-NG epb_hash option.

Parameters:
Return type:

EPB_HashOption

Returns:

Constructed option data.

_read_option_epb_dropcount(schema, *, options)[source]#

Read PCAP-NG epb_dropcount option.

Parameters:
Return type:

EPB_DropCountOption

Returns:

Constructed option data.

_read_option_epb_packetid(schema, *, options)[source]#

Read PCAP-NG epb_packetid option.

Parameters:
Return type:

EPB_PacketIDOption

Returns:

Constructed option data.

_read_option_epb_queue(schema, *, options)[source]#

Read PCAP-NG epb_queue option.

Parameters:
Return type:

EPB_QueueOption

Returns:

Constructed option data.

_read_option_epb_verdict(schema, *, options)[source]#

Read PCAP-NG epb_verdict option.

Parameters:
Return type:

EPB_VerdictOption

Returns:

Constructed option data.

_read_option_ns_dnsname(schema, *, options)[source]#

Read PCAP-NG ns_dnsname option.

Parameters:
Return type:

NS_DNSNameOption

Returns:

Constructed option data.

_read_option_ns_dnsipv4(schema, *, options)[source]#

Read PCAP-NG ns_dnsIP4addr option.

Parameters:
Return type:

NS_DNSIP4AddrOption

Returns:

Constructed option data.

_read_option_ns_dnsipv6(schema, *, options)[source]#

Read PCAP-NG ns_dnsIP6addr option.

Parameters:
Return type:

NS_DNSIP6AddrOption

Returns:

Constructed option data.

_read_option_isb_starttime(schema, *, options)[source]#

Read PCAP-NG isb_starttime option.

Parameters:
Return type:

ISB_StartTimeOption

Returns:

Constructed option data.

_read_option_isb_endtime(schema, *, options)[source]#

Read PCAP-NG isb_endtime option.

Parameters:
Return type:

ISB_EndTimeOption

Returns:

Constructed option data.

_read_option_isb_ifrecv(schema, *, options)[source]#

Read PCAP-NG isb_ifrecv option.

Parameters:
Return type:

ISB_IFRecvOption

Returns:

Constructed option data.

_read_option_isb_ifdrop(schema, *, options)[source]#

Read PCAP-NG isb_ifdrop option.

Parameters:
Return type:

ISB_IFDropOption

Returns:

Constructed option data.

_read_option_isb_filteraccept(schema, *, options)[source]#

Read PCAP-NG isb_filteraccept option.

Parameters:
Return type:

ISB_FilterAcceptOption

Returns:

Constructed option data.

_read_option_isb_osdrop(schema, *, options)[source]#

Read PCAP-NG isb_osdrop option.

Parameters:
Return type:

ISB_OSDropOption

Returns:

Constructed option data.

_read_option_isb_usrdeliv(schema, *, options)[source]#

Read PCAP-NG isb_usrdeliv option.

Parameters:
Return type:

ISB_UsrDelivOption

Returns:

Constructed option data.

_read_option_pack_flags(schema, *, options)[source]#

Read PCAP-NG pack_flags option.

Parameters:
Return type:

PACK_FlagsOption

Returns:

Constructed option data.

_read_option_pack_hash(schema, *, options)[source]#

Read PCAP-NG pack_hash option.

Parameters:
Return type:

PACK_HashOption

Returns:

Constructed option data.

_read_nrb_records(records_schema)[source]#

Read PCAP-NG systemd(1) journal export records.

Parameters:

records_schema (list[NameResolutionRecord]) – Parsed systemd(1) journal export records.

Return type:

OrderedMultiDict[RecordType, NameResolutionRecord]

Returns:

Parsed PCAP-NG systemd(1) journal export records data.

_read_record_unknown(schema, *, records)[source]#

Read PCAP-MG unknown systemd(1) journal export records.

Parameters:
Return type:

UnknownRecord

Returns:

Constructed systemd(1) journal export record data.

_read_record_end(schema, *, records)[source]#

Read PCAP-MG nrb_record_end systemd(1) journal export records.

Parameters:
Return type:

EndRecord

Returns:

Constructed systemd(1) journal export record data.

_read_record_ipv4(schema, *, records)[source]#

Read PCAP-MG nrb_record_ipv4 systemd(1) journal export records.

Parameters:
Return type:

IPv4Record

Returns:

Constructed systemd(1) journal export record data.

_read_record_ipv6(schema, *, records)[source]#

Read PCAP-MG nrb_record_ipv6 systemd(1) journal export records.

Parameters:
Return type:

IPv6Record

Returns:

Constructed systemd(1) journal export record data.

_read_secrets_unknown(schema, *, block)[source]#

Read PCAP-NG unknown secrets.

Parameters:
Return type:

UnknownSecrets

_read_secrets_tls(schema, *, block)[source]#

Read PCAP-NG TLS key log secrets.

Parameters:
Return type:

TLSKeyLog

_read_secrets_wireguard(schema, *, block)[source]#

Read PCAP-NG WireGuard key log secrets.

Parameters:
Return type:

WireGuardKeyLog

Returns:

Constructed decryption secrets data.

_read_secrets_zigbee_nwk(schema, *, block)[source]#

Read PCAP-NG ZigBee NWK Key secrets.

Structure of ZigBee NWK Key secrets:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +---------------------------------------------------------------+
 0 |                   Block Type = 0x0000000A                     |
   +---------------------------------------------------------------+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                  Secrets Type = 0x5a4e574b                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                         Secrets Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                            AES-128                            |
   |                            NKW Key                            |
   |                          (16 octets)                          |
   |                           (128 bits)                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
32 |          PAN ID               |           padding (0)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
36 /                                                               /
   /                       Options (variable)                      /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       Block Total Length                      /
   +---------------------------------------------------------------+
Parameters:
Return type:

ZigBeeNWKKey

Returns:

Constructed decryption secrets data.

_read_secrets_zigbee_aps(schema, *, block)[source]#

Read PCAP-NG ZigBee APS Key secrets.

Structure of ZigBee APS Key secrets:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +---------------------------------------------------------------+
 0 |                   Block Type = 0x0000000A                     |
   +---------------------------------------------------------------+
 4 |                      Block Total Length                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 8 |                  Secrets Type = 0x5a415053                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
12 |                         Secrets Length                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
16 |                            AES-128                            |
   |                            APS Key                            |
   |                          (16 octets)                          |
   |                           (128 bits)                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
32 |           PAN ID              |     Low Node Short Address    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
36 |    High Node Short Address    |         padding (0)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
40 /                                                               /
   /                       Options (variable)                      /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       Block Total Length                      /
   +---------------------------------------------------------------+
Parameters:
Return type:

ZigBeeAPSKey

Returns:

Constructed decryption secrets data.

_make_block_unknown(block=None, *, data=b'', **kwargs)[source]#

Make unknown PCAP-NG block.

Parameters:

  • block (Optional[UnknownBlock]) – Block data model.

  • data (bytes) – Unspecified block data.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

UnknownBlock

Returns:

Constructed block schema.

_make_block_shb(block=None, *, version=(1, 0), major_version=None, minor_version=None, section_length=-1, options=None, **kwargs)[source]#

Make PCAP-NG section header block (SHB).

Parameters:
Return type:

SectionHeaderBlock

Returns:

Constructed block schema.

_make_block_idb(block=None, *, linktype=LinkType.NULL, linktype_default=None, linktype_namespace=None, linktype_reversed=False, snaplen=18446744073709551615, options=None, **kwargs)[source]#

Make PCAP-NG interface description block (IDB).

Parameters:
Return type:

InterfaceDescriptionBlock

Returns:

Constructed block schema.

_make_block_epb(block=None, *, interface_id=0, timestamp=None, captured_len=None, original_len=None, packet_data=b'', options=None, **kwargs)[source]#

Make PCAP-NG enhanced packet block (EPB).

Parameters:
Return type:

EnhancedPacketBlock

Returns:

Constructed block schema.

_make_block_spb(block=None, *, original_len=None, packet_data=b'', **kwargs)[source]#

Make PCAP-NG simple packet block (SPB).

Parameters:
Return type:

SimplePacketBlock

Returns:

Constructed block schema.

_make_block_nrb(block=None, *, records=None, options=None, **kwargs)[source]#

Make PCAP-NG name resolution block (NRB).

Parameters:
Return type:

NameResolutionBlock

Returns:

Constructed block schema.

_make_block_isb(block=None, *, interface_id=0, timestamp=None, options=None, **kwargs)[source]#

Make PCAP-NG interface statistics block (ISB).

Parameters:
Return type:

InterfaceStatisticsBlock

Returns:

Constructed block schema.

_make_block_systemd(block=None, *, entries=None, **kwargs)[source]#

Make PCAP-NG systemd(1) journal export block.

Parameters:
Return type:

SystemdJournalExportBlock

Returns:

Constructed block schema.

_make_block_dsb(block=None, *, secrets_type=SecretsType.TLS_Key_Log, secrets_type_default=None, secrets_type_namespace=None, secrets_type_reversed=False, secrets_data=b'', options=None, **kwargs)[source]#

Make PCAP-NG decryption secrets block (DSB).

Parameters:
Return type:

DecryptionSecretsBlock

Returns:

Constructed block schema.

_make_block_cb(block=None, *, pen=0, data=b'', options=None, **kwargs)[source]#

Make PCAP-NG custom block (CB).

Parameters:
Return type:

CustomBlock

Returns:

Constructed block schema.

_make_block_packet(block=None, *, interface_id=0, drop_count=0, timestamp=None, captured_len=None, original_len=None, packet_data=b'', options=None, **kwargs)[source]#

Make PCAP-NG packet block (obsolete).

Parameters:
Return type:

PacketBlock

Returns:

Constructed block schema.

_make_pcapng_options(options, namespace)[source]#

Make options for PCAP-NG.

Parameters:
Return type:

tuple[list[Option | bytes], int]

Returns:

Tuple of options and total length of options.

_make_option_unknown(type, option=None, *, data=b'', **kwargs)[source]#

Make unknown PCAP-NG option.

Parameters:
Return type:

UnknownOption

Returns:

Constructed option schema.

_make_option_endofopt(type, option=None, **kwargs)[source]#

Make PCAP-NG opt_endofopt option.

Parameters:
Return type:

EndOfOption

Returns:

Constructed option schema.

_make_option_comment(type, option=None, *, comment='', **kwargs)[source]#

Make PCAP-NG opt_comment option.

Parameters:
Return type:

CommentOption

Returns:

Constructed option schema.

_make_option_custom(type, option=None, *, pen=4294967295, data=b'', **kwargs)[source]#

Make PCAP-NG opt_custom option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[CustomOption]) – Option data model.

  • pen (int) – Private enterprise number.

  • data (bytes) – Custom data.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

CustomOption

Returns:

Constructed option schema.

_make_option_if_name(type, option=None, *, name='', **kwargs)[source]#

Make PCAP-NG if_name option.

Parameters:
Return type:

IF_NameOption

Returns:

Constructed option schema.

_make_option_if_description(type, option=None, *, description='', **kwargs)[source]#

Make PCAP-NG if_description option.

Parameters:
Return type:

IF_DescriptionOption

Returns:

Constructed option schema.

_make_option_if_ipv4(type, option=None, *, interface='192.168.1.1/255.255.255.0', **kwargs)[source]#

Make PCAP-NG if_IPv4addr option.

Parameters:
Return type:

IF_IPv4AddrOption

Returns:

Constructed option schema.

_make_option_if_ipv6(type, option=None, *, interface='2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64', **kwargs)[source]#

Make PCAP-NG if_IPv6addr option.

Parameters:
Return type:

IF_IPv6AddrOption

Returns:

Constructed option schema.

_make_option_if_mac(type, option=None, *, interface='00:01:02:03:04:05', **kwargs)[source]#

Make PCAP-NG if_MACaddr option.

Parameters:
Return type:

IF_MACAddrOption

Returns:

Constructed option schema.

_make_option_if_eui(type, option=None, *, interface='02:34:56:FF:FE:78:9A:BC', **kwargs)[source]#

Make PCAP-NG if_EUIaddr option.

Parameters:
Return type:

IF_EUIAddrOption

Returns:

Constructed option schema.

_make_option_if_speed(type, option=None, *, speed=100000000, **kwargs)[source]#

Make PCAP-NG if_speed option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[IF_SpeedOption]) – Option data model.

  • speed (int) – Interface speed, in bits per second.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

IF_SpeedOption

Returns:

Constructed option schema.

_make_option_if_tsresol(type, option=None, *, resolution=1000000, **kwargs)[source]#

Make PCAP-NG if_tsresol option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[IF_TSResolOption]) – Option data model.

  • resolution (int) – Resolution of timestamps, in units per second.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

IF_TSResolOption

Returns:

Constructed option schema.

_make_option_if_tzone(type, option=None, *, tzone=0, **kwargs)[source]#

Make PCAP-NG if_tzone option.

Parameters:
Return type:

IF_TZoneOption

Returns:

Constructed option schema.

_make_option_if_filter(type, option=None, *, filter=FilterType.Unassigned_0, filter_default=None, filter_namespace=None, filter_reversed=False, expression=b'', **kwargs)[source]#

Make PCAP-NG if_filter option.

Parameters:
Return type:

IF_FilterOption

Returns:

Constructed option schema.

_make_option_if_os(type, option=None, *, os='macOS-14.4.1-arm64-arm-64bit', **kwargs)[source]#

Make PCAP-NG if_os option.

Parameters:
Return type:

IF_OSOption

Returns:

Constructed option schema.

_make_option_if_fcslen(type, option=None, *, fcs_length=4, **kwargs)[source]#

Make PCAP-NG if_fcslen option.

Parameters:
Return type:

IF_FCSLenOption

Returns:

Constructed option schema.

_make_option_if_tsoffset(type, option=None, *, offset=0, **kwargs)[source]#

Make PCAP-NG if_tsoffset option.

Parameters:
Return type:

IF_TSOffsetOption

Returns:

Constructed option schema.

_make_option_if_hardware(type, option=None, *, hardware='arm', **kwargs)[source]#

Make PCAP-NG if_hardware option.

Parameters:
Return type:

IF_HardwareOption

Returns:

Constructed option schema.

_make_option_if_txspeed(type, option=None, *, speed=100000000, **kwargs)[source]#

Make PCAP-NG if_txspeed option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[IF_TxSpeedOption]) – Option data model.

  • speed (int) – Interface transmit speed, in bits per second.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

IF_TxSpeedOption

Returns:

Constructed option schema.

_make_option_if_rxspeed(type, option=None, *, speed=100000000, **kwargs)[source]#

Make PCAP-NG if_rxspeed option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[IF_RxSpeedOption]) – Option data model.

  • speed (int) – Interface receive speed, in bits per second.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

IF_RxSpeedOption

Returns:

Constructed option schema.

_make_option_epb_flags(type, option=None, *, direction=PacketDirection.UNKNOWN, direction_default=None, direction_namespace=None, direction_reversed=False, reception=PacketReception.UNKNOWN, reception_default=None, reception_namespace=None, reception_reversed=False, fcs_len=0, crc_error=False, too_long=False, too_short=False, gap_error=False, unaligned_error=False, delimiter_error=False, preamble_error=False, symbol_error=False, **kwargs)[source]#

Make PCAP-NG epb_flags option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[EPB_FlagsOption]) – Option data model.

  • direction (PacketDirection | IntEnum | IntEnum | str | int) – Packet direction.

  • direction_default (Optional[int]) – Default value of packet direction.

  • direction_namespace (Union[dict[str, int], dict[int, str], Type[IntEnum], Type[IntEnum], None]) – Namespace of packet direction.

  • direction_reversed (bool) – Whether to reverse packet direction namespace.

  • reception (PacketReception | IntEnum | IntEnum | str | int) – Packet reception.

  • reception_default (Optional[int]) – Default value of packet reception.

  • reception_namespace (Union[dict[str, int], dict[int, str], Type[IntEnum], Type[IntEnum], None]) – Namespace of packet reception.

  • reception_reversed (bool) – Whether to reverse packet reception namespace.

  • fcs_len (int) – Length of FCS field, in bytes.

  • crc_error (bool) – Whether CRC error occurred.

  • too_long (bool) – Whether packet is too long.

  • too_short (bool) – Whether packet is too short.

  • gap_error (bool) – Whether gap error occurred.

  • unaligned_error (bool) – Whether unaligned error occurred.

  • delimiter_error (bool) – Whether delimiter error occurred.

  • preamble_error (bool) – Whether preamble error occurred.

  • symbol_error (bool) – Whether symbol error occurred.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

EPB_FlagsOption

Returns:

Constructed option schema.

_make_option_epb_hash(type, option=None, *, algorithm=HashAlgorithm.two_s_complement, algorithm_default=None, algorithm_namespace=None, algorithm_reversed=False, hash=b'', **kwargs)[source]#

Make PCAP-NG epb_hash option.

Parameters:
Return type:

EPB_HashOption

Returns:

Constructed option schema.

_make_option_epb_dropcount(type, option=None, *, drop_count=0, **kwargs)[source]#

Make PCAP-NG epb_dropcount option.

Parameters:
Return type:

EPB_DropCountOption

Returns:

Constructed option schema.

_make_option_epb_packetid(type, option=None, *, packet_id=0, **kwargs)[source]#

Make PCAP-NG epb_packetid option.

Parameters:
Return type:

EPB_PacketIDOption

Returns:

Constructed option schema.

_make_option_epb_queue(type, option=None, *, queue_id=0, **kwargs)[source]#

Make PCAP-NG epb_queue option.

Parameters:
Return type:

EPB_QueueOption

Returns:

Constructed option schema.

_make_option_epb_verdict(type, option=None, *, verdict=VerdictType.Hardware, verdict_default=None, verdict_namespace=None, verdict_reversed=False, value=b'', **kwargs)[source]#

Make PCAP-NG epb_verdict option.

Parameters:
Return type:

EPB_VerdictOption

Returns:

Constructed option schema.

_make_option_ns_dnsname(type, option=None, *, name='', **kwargs)[source]#

Make PCAP-NG ns_dnsname option.

Parameters:
Return type:

NS_DNSNameOption

Returns:

Constructed option schema.

_make_option_ns_dnsipv4(type, option=None, *, ip='8.8.8.8', **kwargs)[source]#

Make PCAP-NG ns_dnsip4addr option.

Parameters:
Return type:

NS_DNSIP4AddrOption

Returns:

Constructed option schema.

_make_option_ns_dnsipv6(type, option=None, *, ip='8.8.8.8', **kwargs)[source]#

Make PCAP-NG ns_dnsip6addr option.

Parameters:
Return type:

NS_DNSIP6AddrOption

Returns:

Constructed option schema.

_make_option_isb_starttime(type, option=None, *, timestamp=None, **kwargs)[source]#

Make PCAP-NG isb_starttime option.

Parameters:
Return type:

ISB_StartTimeOption

Returns:

Constructed option schema.

_make_option_isb_endtime(type, option=None, *, timestamp=None, **kwargs)[source]#

Make PCAP-NG isb_endtime option.

Parameters:
Return type:

ISB_EndTimeOption

Returns:

Constructed option schema.

_make_option_isb_ifrecv(type, option=None, *, packets=0, **kwargs)[source]#

Make PCAP-NG isb_ifrecv option.

Parameters:
Return type:

ISB_IFRecvOption

Returns:

Constructed option schema.

_make_option_isb_ifdrop(type, option=None, *, packets=0, **kwargs)[source]#

Make PCAP-NG isb_ifdrop option.

Parameters:
Return type:

ISB_IFDropOption

Returns:

Constructed option schema.

_make_option_isb_filteraccept(type, option=None, *, packets=0, **kwargs)[source]#

Make PCAP-NG isb_filteraccept option.

Parameters:
Return type:

ISB_FilterAcceptOption

Returns:

Constructed option schema.

_make_option_isb_osdrop(type, option=None, *, packets=0, **kwargs)[source]#

Make PCAP-NG isb_osdrop option.

Parameters:
Return type:

ISB_OSDropOption

Returns:

Constructed option schema.

_make_option_isb_usrdeliv(type, option=None, *, packets=0, **kwargs)[source]#

Make PCAP-NG isb_usrdeliv option.

Parameters:
Return type:

ISB_UsrDelivOption

Returns:

Constructed option schema.

_make_option_pack_flags(type, option=None, *, direction=PacketDirection.UNKNOWN, direction_default=None, direction_namespace=None, direction_reversed=False, reception=PacketReception.UNKNOWN, reception_default=None, reception_namespace=None, reception_reversed=False, fcs_len=0, crc_error=False, too_long=False, too_short=False, gap_error=False, unaligned_error=False, delimiter_error=False, preamble_error=False, symbol_error=False, **kwargs)[source]#

Make PCAP-NG pack_flags option.

Parameters:

  • type (OptionType) – Option type.

  • option (Optional[PACK_FlagsOption]) – Option data model.

  • direction (PacketDirection | IntEnum | IntEnum | str | int) – Packet direction.

  • direction_default (Optional[int]) – Default value of packet direction.

  • direction_namespace (Union[dict[str, int], dict[int, str], Type[IntEnum], Type[IntEnum], None]) – Namespace of packet direction.

  • direction_reversed (bool) – Whether to reverse packet direction namespace.

  • reception (PacketReception | IntEnum | IntEnum | str | int) – Packet reception.

  • reception_default (Optional[int]) – Default value of packet reception.

  • reception_namespace (Union[dict[str, int], dict[int, str], Type[IntEnum], Type[IntEnum], None]) – Namespace of packet reception.

  • reception_reversed (bool) – Whether to reverse packet reception namespace.

  • fcs_len (int) – Length of FCS field, in bytes.

  • crc_error (bool) – Whether CRC error occurred.

  • too_long (bool) – Whether packet is too long.

  • too_short (bool) – Whether packet is too short.

  • gap_error (bool) – Whether gap error occurred.

  • unaligned_error (bool) – Whether unaligned error occurred.

  • delimiter_error (bool) – Whether delimiter error occurred.

  • preamble_error (bool) – Whether preamble error occurred.

  • symbol_error (bool) – Whether symbol error occurred.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

PACK_FlagsOption

Returns:

Constructed option schema.

_make_option_pack_hash(type, option=None, *, algorithm=HashAlgorithm.two_s_complement, algorithm_default=None, algorithm_namespace=None, algorithm_reversed=False, hash=b'', **kwargs)[source]#

Make PCAP-NG pack_hash option.

Parameters:
Return type:

PACK_HashOption

Returns:

Constructed option schema.

_make_nrb_records(records)[source]#

Make systemd(1) journal export records for PCAP-NG.

Parameters:

records (OrderedMultiDict[RecordType, NameResolutionRecord] | list[NameResolutionRecord | tuple[RecordType, dict[str, Any]] | bytes]) – PCAP-NG systemd(1) journal export records.

Return type:

tuple[list[NameResolutionRecord | bytes], int]

Returns:

Tuple of systemd(1) journal export records and total length of the records.

_make_record_unknown(type, record, *, data=b'', **kwargs)[source]#

Make PCAP-NG unknown systemd(1) journal export record.

Parameters:
Return type:

UnknownRecord

Returns:

Constructed record schema.

_make_record_end(type, record=None, **kwargs)[source]#

Make PCAP-NG nrb_record_end systemd(1) journal export record.

Parameters:
Return type:

EndRecord

Returns:

Constructed record schema.

_make_record_ipv4(type, record, *, ip='127.0.0.1', names=None, **kwargs)[source]#

Make PCAP-NG nrb_record_ipv4 systemd(1) journal export record.

Parameters:
Return type:

IPv4Record

Returns:

Constructed record schema.

_make_record_ipv6(type, record, *, ip='127.0.0.1', names=None, **kwargs)[source]#

Make PCAP-NG nrb_record_ipv6 systemd(1) journal export record.

Parameters:
Return type:

IPv6Record

Returns:

Constructed record schema.

_make_secrets_unknown(type, secrets=None, *, data=b'', **kwargs)[source]#

Make PCAP-NG unknown secrets.

Parameters:
Return type:

UnknownSecrets

Returns:

Constructed secrets schema.

_make_secrets_tls(type, secrets=None, *, entries=None, **kwargs)[source]#

Make PCAP-NG TLS Key Log secrets.

Parameters:
Return type:

TLSKeyLog

Returns:

Constructed secrets schema.

_make_secrets_wireguard(type, secrets=None, *, entries=None, **kwargs)[source]#

Make PCAP-NG WireGuard secrets.

Parameters:
Return type:

WireGuardKeyLog

Returns:

Constructed secrets schema.

_make_secrets_zigbee_nwk(type, secrets=None, *, nwk_key=b'', pan_id=0, **kwargs)[source]#

Make PCAP-NG ZigBee NWK Key secrets.

Parameters:
Return type:

ZigBeeNWKKey

Returns:

Constructed secrets schema.

_make_secrets_zigbee_aps(type, secrets=None, *, aps_key=b'', pan_id=0, short_address=0, **kwargs)[source]#

Make PCAP-NG ZigBee APS Key secrets.

Parameters:

  • type (SecretsType) – Secrets type.

  • secrets (Optional[ZigBeeAPSKey]) – Secrets data model.

  • aps_key (bytes) – APS key.

  • pan_id (int) – PAN ID.

  • short_address (int) – Short address.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

ZigBeeAPSKey

Returns:

Constructed secrets schema.

__proto__: DefaultDict[Enum_LinkType | int, ModuleDescriptor[Protocol] | Type[Protocol]]#

Protocol index mapping for decoding next layer, c.f. self._decode_next_layer & self._import_next_layer. The values should be a tuple representing the module name and class name, or a Protocol subclass.

Type:

DefaultDict[Enum_LinkType, ModuleDescriptor[Protocol] | Type[Protocol]]

__block__: DefaultDict[Enum_BlockType | int, str | tuple[BlockParser, BlockConstructor]]#

Block type to method mapping. Method names are expected to be referred to the class by _read_block_${name} and/or _make_block_${name}, and if such name not found, the value should then be a method that can parse the block by itself.

Type:

DefaultDict[Enum_BlockType, str | tuple[BlockParser, BlockConstructor]]

__option__: DefaultDict[Enum_OptionType | int, str | tuple[OptionParser, OptionConstructor]]#

Block option type to method mapping. Method names are expected to be referred to the class by _read_option_${name} and/or _make_option_${name}, and if such name not found, the value should then be a method that can parse the option by itself.

Type:

DefaultDict[Enum_OptionType, str | tuple[OptionParser, OptionConstructor]]

__record__: DefaultDict[Enum_RecordType | int, str | tuple[RecordParser, RecordConstructor]]#

systemd(1) Journal Export record type to method mapping. Method names are expected to be referred to the class by _read_record_${name} and/or _make_record_${name}, and if such name not found, the value should then be a method that can parse the name record by itself.

Type:

DefaultDict[Enum_RecordType, str | tuple[RecordParser, RecordConstructor]]

__secrets__: DefaultDict[Enum_SecretsType | int, str | tuple[SecretsParser, SecretsConstructor]]#

Decryption secrets type to method mapping. Method names are expected to be referred to the class by _read_secrets_${name} and/or _make_secrets_${name}, and if such name not found, the value should then be a method that can parse the decryption secrets by itself.

Type:

DefaultDict[Enum_SecretsType, str | tuple[SecretsParser, SecretsConstructor]]

__post_init__(file=None, length=None, *, num, sct, ctx, **kwargs)[source]#

Initialisation.

Parameters:

  • file (Union[IO[bytes], bytes, None]) – Source packet stream.

  • length (Optional[int]) – Length of packet data.

  • num (int) – Frame index number.

  • sct (int) – Section index number.

  • ctx (Context) – Section context of the PCAP-NG file.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

None

Notes

For the first block, num will be set to 0 and ctx as None, such that we can be sure that the first block is the section header block.

See also

For construction argument, please refer to make().

__index__()[source]#

Index of the block.

Parameters:

self (Optional[PCAPNG]) – PCAPNG object or None.

Return type:

int

Returns:

If the object is initiated, i.e. self._fnum exists, and is of a packet block (EPB, ISB or Packet), returns the block index number of itself; else raises UnsupportedCall.

Raises:

UnsupportedCall – This protocol has no registry entry.

Auxiliary Data#

class pcapkit.protocols.misc.pcapng.PacketDirection(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: IntEnum

Packet direction for epb_flags options.

UNKNOWN = 0#

Information not available.

INBOUND = 1#

Inbound packet.

OUTBOUND = 2#

Outbound packet.

class pcapkit.protocols.misc.pcapng.PacketReception(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: IntEnum

Reception type for epb_flags options.

UNKNOWN = 0#

Not specified.

UNICAST = 1#

Unicast.

MULTICAST = 2#

Multicast.

BROADCAST = 3#

Broadcast.

PROMISCUOUS = 4#

Promiscuous.

class pcapkit.protocols.misc.pcapng.TLSKeyLabel(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: StrEnum

TLS key log label.

RSA = 'RSA'#
CLIENT_RANDOM = 'CLIENT_RANDOM'#
CLIENT_EARLY_TRAFFIC_SECRET = 'CLIENT_EARLY_TRAFFIC_SECRET'#
CLIENT_HANDSHAKE_TRAFFIC_SECRET = 'CLIENT_HANDSHAKE_TRAFFIC_SECRET'#
SERVER_HANDSHAKE_TRAFFIC_SECRET = 'SERVER_HANDSHAKE_TRAFFIC_SECRET'#
CLIENT_TRAFFIC_SECRET_0 = 'CLIENT_TRAFFIC_SECRET_0'#
SERVER_TRAFFIC_SECRET_0 = 'SERVER_TRAFFIC_SECRET_0'#
EARLY_EXPORTER_SECRET = 'EARLY_EXPORTER_SECRET'#
EXPORTER_SECRET = 'EXPORTER_SECRET'#
class pcapkit.protocols.misc.pcapng.WireGuardKeyLabel(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: StrEnum

WireGuard key log label.

LOCAL_STATIC_PRIVATE_KEY = 'LOCAL_STATIC_PRIVATE_KEY'#
REMOTE_STATIC_PUBLIC_KEY = 'REMOTE_STATIC_PUBLIC_KEY'#
LOCAL_EPHEMERAL_PRIVATE_KEY = 'LOCAL_EPHEMERAL_PRIVATE_KEY'#
PRESHARED_KEY = 'PRESHARED_KEY'#

Header Schemas#

class pcapkit.protocols.schema.misc.pcapng.PCAPNG(dict_=None, **kwargs)[source]#

Bases: Schema

Header schema for PCAP-NG file blocks.

type: Enum_BlockType = <EnumField type>#

Block type.

block: BlockType = <SwitchField block>#

Block specific data.

class pcapkit.protocols.schema.misc.pcapng.BlockType(dict_=None, **kwargs)[source]#

Bases: EnumSchema[BlockType]

Header schema for PCAP-NG file blocks.

post_process(packet)[source]#

Revise schema data after unpacking process.

This method validates the two block lengths and raises ProtocolError if they are not equal.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Schema

Returns:

Revised schema.

class pcapkit.protocols.schema.misc.pcapng.UnknownBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for unknown PCAP-NG file blocks.

length: int = <UInt32Field length>#

Block total length.

body: bytes = <BytesField body>#

Block body (including padding).

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.SectionHeaderBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Section Header Block (SHB).

match: ByteorderTest = <ForwardMatchField match>#

Fast forward field to test the byteorder.

length: int = <UInt32Field length>#

Block total length.

magic: Literal[0x1A2B3C4D] = <UInt32Field magic>#

Byte order magic number.

major: int = <UInt16Field major>#

Major version number.

minor: int = <UInt16Field minor>#

Minor version number.

section_length: int = <Int64Field section_length>#

Section length.

options: list[Option] = <OptionField options>#

Options.

padding: bytes = <PaddingField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

pre_pack(packet)[source]#

Prepare packet data for packing process.

Parameters:

packet (dict[str, Any]) – packet data

Return type:

None

Note

This method is expected to directly modify any data stored in the packet and thus no return is required.

post_process(packet)[source]#

Revise schema data after unpacking process.

This method calculate the byteorder value based on the parsed schema.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

SectionHeaderBlock

Returns:

Revised schema.

byteorder: Literal['big', 'little']#

Byteorder.

class pcapkit.protocols.schema.misc.pcapng.InterfaceDescriptionBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Interface Description Block (IDB).

length: int = <UInt32Field length>#

Block total length.

linktype: Enum_LinkType = <EnumField linktype>#

Link type.

reserved: bytes = <PaddingField reserved>#

Reserved.

snaplen: int = <UInt32Field snaplen>#

Snap length.

options: list[Option] = <OptionField options>#

Options.

padding: bytes = <PaddingField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.EnhancedPacketBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Enhanced Packet Block (EPB).

length: int = <UInt32Field length>#

Block total length.

interface_id: int = <UInt32Field interface_id>#

Interface ID.

timestamp_high: int = <UInt32Field timestamp_high>#

Higher 32-bit of timestamp (in seconds).

timestamp_low: int = <UInt32Field timestamp_low>#

Lower 32-bit of timestamp (in seconds).

captured_len: int = <UInt32Field captured_len>#

Captured packet length.

original_len: int = <UInt32Field original_len>#

Original packet length.

packet_data: bytes = <PayloadField packet_data>#

Packet data.

padding_data: bytes = <PaddingField padding_data>#

Padding.

options: list[Option] = <OptionField options>#

Options.

padding_opts: bytes = <PaddingField padding_opts>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.SimplePacketBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Simple Packet Block (SPB).

length: int = <UInt32Field length>#

Block total length.

original_len: int = <UInt32Field original_len>#

Original packet length.

packet_data: bytes = <PayloadField packet_data>#

Packet data.

padding: bytes = <PaddingField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.NameResolutionBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Name Resolution Block (NRB).

length: int = <UInt32Field length>#

Record total length.

records: list[NameResolutionRecord] = <OptionField records>#

Name resolution records.

options: list[Option] = <OptionField options>#

Options.

padding: bytes = <PaddingField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Self

Returns:

Revised schema.

mapping: MultiDict[IPv4Address | IPv6Address, str]#

Name resolution mapping (IP address -> name).

reverse_mapping: MultiDict[str, IPv4Address | IPv6Address]#

Name resolution mapping (name -> IP address).

class pcapkit.protocols.schema.misc.pcapng.InterfaceStatisticsBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Interface Statistics Block (ISB).

length: int = <UInt32Field length>#

Block total length.

interface_id: int = <UInt32Field interface_id>#

Interface ID.

timestamp_high: int = <UInt32Field timestamp_high>#

Timestamp (higher 32 bits).

timestamp_low: int = <UInt32Field timestamp_low>#

Timestamp (lower 32 bits).

options: list[Option] = <OptionField options>#

Options.

padding: bytes = <PaddingField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.SystemdJournalExportBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG systemd(1) Journal Export Block.

length: int = <UInt32Field length>#

Block total length.

entry: bytes = <BytesField entry>#

Journal entry.

length2: int = <UInt32Field length2>#

Block total length.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Self

Returns:

Revised schema.

data: list[OrderedMultiDict[str, str | bytes]]#

Journal entry (decoded).

class pcapkit.protocols.schema.misc.pcapng.DecryptionSecretsBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Decryption Secrets Block (DSB).

length: int = <UInt32Field length>#

Block total length.

secrets_type: Enum_SecretsType = <EnumField secrets_type>#

Secrets type.

secrets_length: int = <UInt32Field secrets_length>#

Secrets length.

secrets_data: DSBSecrets = <SwitchField secrets_data>#

Secrets data.

padding_data: bytes = <BytesField padding_data>#

Padding.

options: list[Option] = <OptionField options>#

Options.

padding_opts: bytes = <PaddingField padding_opts>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.CustomBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Custom Block (CB).

length: int = <UInt32Field length>#

Block total length.

pen: int = <UInt32Field pen>#

Private enterprise number.

data: bytes = <BytesField data>#

Custom data.

padding: bytes = <BytesField padding>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.PacketBlock(dict_=None, **kwargs)[source]#

Bases: BlockType

Header schema for PCAP-NG Packet Block (obsolete).

length: int = <UInt32Field length>#

Block total length.

interface_id: int = <UInt32Field interface_id>#

Interface ID.

drop_count: int = <UInt32Field drop_count>#

Drops count.

timestamp_high: int = <UInt32Field timestamp_high>#

Timestamp (high).

timestamp_low: int = <UInt32Field timestamp_low>#

Timestamp (low).

captured_length: int = <UInt32Field captured_length>#

Captured packet length.

original_length: int = <UInt32Field original_length>#

Original packet length.

packet_data: bytes = <PayloadField packet_data>#

Packet data.

padding_data: bytes = <BytesField padding_data>#

Padding.

options: list[Option] = <OptionField options>#

Options.

padding_opts: bytes = <PaddingField padding_opts>#

Padding.

length2: int = <UInt32Field length2>#

Block total length.

class pcapkit.protocols.schema.misc.pcapng.Option(dict_=None, **kwargs)[source]#

Bases: EnumSchema[OptionType]

Header schema for PCAP-NG file options.

classmethod __init_subclass__(code=None, namespace=None, *args, **kwargs)[source]#

Register option type to __enum__ mapping.

Parameters:

  • code (Union[OptionType, Iterable[OptionType], None]) – Option type code. It can be either a single option type enumeration or a list of option type enumerations.

  • namespace (Optional[str]) – Namespace of option type enumeration. If not given, the value will be inferred from the option type code.

  • *args (Any) – Arbitrary positional arguments.

  • **kwargs (Any) – Arbitrary keyword arguments.

Return type:

None

If code is provided, the subclass will be registered to the __enum__ mapping with the given code. If code is not given, the subclass will not be registered.

Examples

from pcapkit.const.pcapng.option_type import OptionType as Enum_OptionType
from pcapkit.protocols.schema.misc.pcapng improt Option

class NewOption(Option, namespace='opt', code=Enum_OptionType.opt_new):
    ...

See also

static register(code, cls, ns=None)[source]#

Register option type to __enum__ mapping.

Parameters:

  • code (OptionType) – Option type code.

  • cls (Type[Option]) – Option type schema.

  • ns (Optional[str]) – Namespace of option type enumeration. If not given, the value will be inferred from the option type code.

Return type:

None

type: Enum_OptionType#

Option type.

length: int#

Option data length.

class pcapkit.protocols.schema.misc.pcapng._OPT_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for opt_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.UnknownOption(dict_=None, **kwargs)[source]#

Bases: _OPT_Option

Header schema for unknown PCAP-NG file options.

data: bytes = <BytesField data>#

Option value.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EndOfOption(dict_=None, **kwargs)[source]#

Bases: _OPT_Option

Header schema for PCAP-NG file opt_endofopt options.

class pcapkit.protocols.schema.misc.pcapng.CommentOption(dict_=None, **kwargs)[source]#

Bases: _OPT_Option

Header schema for PCAP-NG file opt_comment options.

comment: str = <StringField comment>#

Comment text.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.CustomOption(dict_=None, **kwargs)[source]#

Bases: _OPT_Option

Header schema for PCAP-NG file opt_custom options.

pen: int = <UInt32Field pen>#

Private enterprise number (PEN).

data: bytes = <BytesField data>#

Custom data.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng._IF_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for if_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.IF_NameOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_name options.

name: str = <StringField name>#

Interface name.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_DescriptionOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_description options.

description: str = <StringField description>#

Interface description.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_IPv4AddrOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_IPv4addr options.

interface: IPv4Interface = <IPv4InterfaceField interface>#

IPv4 interface.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_IPv6AddrOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_IPv6addr options.

interface: IPv6Interface = <IPv6InterfaceField interface>#

IPv6 interface.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_MACAddrOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_MACaddr options.

interface: bytes = <BytesField interface>#

MAC interface.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_EUIAddrOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_EUIaddr options.

interface: bytes = <BytesField interface>#

EUI interface.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_SpeedOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_speed options.

speed: int = <UInt64Field speed>#

Interface speed, in bits per second.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_TSResolOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_tsresol options.

tsresol: ResolutionData = <BitField tsresol>#

Interface timestamp resolution, in units per second.

padding: bytes = <PaddingField padding>#

Padding.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

IF_TSResolOption

Returns:

Revised schema.

resolution: int#

Interface timestamp resolution, in units per second.

class pcapkit.protocols.schema.misc.pcapng.IF_TZoneOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_tzone options.

tzone: int = <Int32Field tzone>#

Interface time zone (as in seconds difference from GMT).

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_FilterOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_filter options.

code: Enum_FilterType = <EnumField code>#

Filter code.

filter: bytes = <BytesField filter>#

Capture filter.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_OSOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_os options.

os: str = <StringField os>#

OS information.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_FCSLenOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_fcslen options.

fcslen: int = <UInt8Field fcslen>#

FCS length.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_TSOffsetOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_tsoffset options.

tsoffset: int = <Int64Field tsoffset>#

Timestamp offset (in seconds).

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_HardwareOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_hardware options.

hardware: str = <StringField hardware>#

Hardware information.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_TxSpeedOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_txspeed options.

tx_speed: int = <UInt64Field tx_speed>#

Interface transmit speed, in bits per second.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.IF_RxSpeedOption(dict_=None, **kwargs)[source]#

Bases: _IF_Option

Header schema for PCAP-NG file if_rxspeed options.

rx_speed: int = <UInt64Field rx_speed>#

Interface receive speed, in bits per second.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng._EPB_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for epb_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.EPB_FlagsOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_flags options.

flags: EPBFlags = <BitField flags>#

Flags.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EPB_HashOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_hash options.

func: Enum_HashAlgorithm = <EnumField func>#

Hash algorithm.

data: bytes = <BytesField data>#

Hash value.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EPB_DropCountOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_dropcount options.

drop_count: int = <UInt64Field drop_count>#

Number of packets dropped by the interface.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EPB_PacketIDOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_packetid options.

packet_id: int = <UInt64Field packet_id>#

Packet ID.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EPB_QueueOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_queue options.

queue_id: int = <UInt32Field queue_id>#

Queue ID.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EPB_VerdictOption(dict_=None, **kwargs)[source]#

Bases: _EPB_Option

Header schema for PCAP-NG epb_verdict options.

verdict: Enum_VerdictType = <EnumField verdict>#

Verdict type.

value: bytes = <BytesField value>#

Verdict value.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng._NS_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for ns_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.NS_DNSNameOption(dict_=None, **kwargs)[source]#

Bases: _NS_Option

Header schema for PCAP-NG ns_dnsname option.

name: str = <StringField name>#

DNS name.

class pcapkit.protocols.schema.misc.pcapng.NS_DNSIP4AddrOption(dict_=None, **kwargs)[source]#

Bases: _NS_Option

Header schema for PCAP-NG ns_dnsIP4addr option.

ip: IPv4Address = <IPv4AddressField ip>#

IPv4 address.

class pcapkit.protocols.schema.misc.pcapng.NS_DNSIP6AddrOption(dict_=None, **kwargs)[source]#

Bases: _NS_Option

Header schema for PCAP-NG ns_dnsIP6addr option.

ip: IPv6Address = <IPv6AddressField ip>#

IPv6 address.

class pcapkit.protocols.schema.misc.pcapng._ISB_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for isb_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.ISB_StartTimeOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_starttime option.

timestamp_high: int = <UInt32Field timestamp_high>#

Timestamp (higher 32 bits).

timestamp_low: int = <UInt32Field timestamp_low>#

Timestamp (lower 32 bits).

class pcapkit.protocols.schema.misc.pcapng.ISB_EndTimeOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_endtime option.

timestamp_high: int = <UInt32Field timestamp_high>#

Timestamp (higher 32 bits).

timestamp_low: int = <UInt32Field timestamp_low>#

Timestamp (lower 32 bits).

class pcapkit.protocols.schema.misc.pcapng.ISB_IFRecvOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_ifrecv option.

packets: int = <UInt64Field packets>#

Number of packets received.

class pcapkit.protocols.schema.misc.pcapng.ISB_IFDropOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_ifdrop option.

packets: int = <UInt64Field packets>#

Number of packets dropped.

class pcapkit.protocols.schema.misc.pcapng.ISB_FilterAcceptOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_filteraccept option.

packets: int = <UInt64Field packets>#

Number of packets accepted by filter.

class pcapkit.protocols.schema.misc.pcapng.ISB_OSDropOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_osdrop option.

packets: int = <UInt64Field packets>#

Number of packets dropped by OS.

class pcapkit.protocols.schema.misc.pcapng.ISB_UsrDelivOption(dict_=None, **kwargs)[source]#

Bases: _ISB_Option

Header schema for PCAP-NG isb_usrdeliv option.

packets: int = <UInt64Field packets>#

Number of packets delivered to user.

class pcapkit.protocols.schema.misc.pcapng._PACK_Option(dict_=None, **kwargs)[source]#

Bases: Option

Header schema for pack_* options.

type: Enum_OptionType = <OptionEnumField type>#

Option type.

length: int = <UInt16Field length>#

Option data length.

class pcapkit.protocols.schema.misc.pcapng.PACK_FlagsOption(dict_=None, **kwargs)[source]#

Bases: _PACK_Option

Header schema for PCAP-NG pack_flags options.

flags: PACKFlags = <BitField flags>#

Flags.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.PACK_HashOption(dict_=None, **kwargs)[source]#

Bases: _PACK_Option

Header schema for PCAP-NG pack_hash options.

func: Enum_HashAlgorithm = <EnumField func>#

Hash algorithm.

data: bytes = <BytesField data>#

Hash value.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.NameResolutionRecord(dict_=None, **kwargs)[source]#

Bases: EnumSchema[RecordType]

Header schema for PCAP-NG NRB records.

type: Enum_RecordType = <EnumField type>#

Record type.

length: int = <UInt16Field length>#

Record value length.

class pcapkit.protocols.schema.misc.pcapng.UnknownRecord(dict_=None, **kwargs)[source]#

Bases: NameResolutionRecord

Header schema for PCAP-NG NRB unknown records.

data: bytes = <BytesField data>#

Unknown record data.

padding: bytes = <PaddingField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.EndRecord(dict_=None, **kwargs)[source]#

Bases: NameResolutionRecord

Header schema for PCAP-NG nrb_record_end records.

class pcapkit.protocols.schema.misc.pcapng.IPv4Record(dict_=None, **kwargs)[source]#

Bases: NameResolutionRecord

Header schema for PCAP-NG NRB nrb_record_ipv4 records.

ip: IPv4Address = <IPv4AddressField ip>#

IPv4 address.

resol: str = <StringField resol>#

Name resolution data.

padding: bytes = <PaddingField padding>#

Padding.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Schema

Returns:

Revised schema.

names: list[str]#

Name resolution records.

class pcapkit.protocols.schema.misc.pcapng.IPv6Record(dict_=None, **kwargs)[source]#

Bases: NameResolutionRecord

Header schema for PCAP-NG NRB nrb_record_ipv4 records.

ip: IPv6Address = <IPv6AddressField ip>#

IPv4 address.

resol: str = <StringField resol>#

Name resolution data.

padding: bytes = <PaddingField padding>#

Padding.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Schema

Returns:

Revised schema.

names: list[str]#

Name resolution records.

class pcapkit.protocols.schema.misc.pcapng.DSBSecrets(dict_=None, **kwargs)[source]#

Bases: EnumSchema[SecretsType]

Header schema for DSB secrets data.

class pcapkit.protocols.schema.misc.pcapng.UnknownSecrets(dict_=None, **kwargs)[source]#

Bases: DSBSecrets

Header schema for unknown DSB secrets data.

data: bytes = <BytesField data>#

Secrets data.

class pcapkit.protocols.schema.misc.pcapng.TLSKeyLog(dict_=None, **kwargs)[source]#

Bases: DSBSecrets

Header schema for TLS Key Log secrets data.

data: str = <StringField data>#

TLS key log data.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Schema

Returns:

Revised schema.

entries: dict[TLSKeyLabel, OrderedMultiDict[bytes, bytes]]#

TLS Key Log entries.

class pcapkit.protocols.schema.misc.pcapng.WireGuardKeyLog(dict_=None, **kwargs)[source]#

Bases: DSBSecrets

Header schema for WireGuard Key Log secrets data.

data: str = <StringField data>#

WireGuard key log data.

post_process(packet)[source]#

Revise schema data after unpacking process.

Parameters:

packet (dict[str, Any]) – Unpacked data.

Return type:

Schema

Returns:

Revised schema.

entries: OrderedMultiDict[WireGuardKeyLabel, bytes]#

WireGuard Key Log entries.

class pcapkit.protocols.schema.misc.pcapng.ZigBeeNWKKey(dict_=None, **kwargs)[source]#

Bases: DSBSecrets

Header schema for ZigBee NWK Key and ZigBee PANID secrets data.

key: bytes = <BytesField key>#

AES-128 NKW key.

panid: int = <UInt16Field panid>#

ZigBee PANID.

padding: bytes = <BytesField padding>#

Padding.

class pcapkit.protocols.schema.misc.pcapng.ZigBeeAPSKey(dict_=None, **kwargs)[source]#

Bases: DSBSecrets

Header schema for ZigBee APS Key secrets data.

key: bytes = <BytesField key>#

AES-128 APS key.

panid: int = <UInt16Field panid>#

ZigBee PANID.

addr_low: int = <UInt16Field addr_low>#

Low node short address.

addr_high: int = <UInt16Field addr_high>#

High node short address.

padding: bytes = <BytesField padding>#

Padding.

Type Stubs#

class pcapkit.protocols.schema.misc.pcapng.ByteorderTest[source]#

Bases: TypedDict

Test for byteorder.

byteorder: int#

Byteorder magic number.

class pcapkit.protocols.schema.misc.pcapng.ResolutionData[source]#

Bases: TypedDict

Data for resolution.

flag: int#

2-based).

Type:

Resolution type flag (0

Type:

10-based, 1

resolution: int#

Resolution value.

class pcapkit.protocols.schema.misc.pcapng.EPBFlags[source]#

Bases: TypedDict

EPB flags.

direction: int#

Inbound / Outbound packet (00 = information not available, 01 = inbound, 10 = outbound)

reception: int#

Reception type (000 = not specified, 001 = unicast, 010 = multicast, 011 = broadcast, 100 = promiscuous).

fcs_len: int#

FCS length, in octets (0000 if this information is not available). This value overrides the if_fcslen option of the Interface Description Block, and is used with those link layers (e.g. PPP) where the length of the FCS can change during time.

crc_error: int#

Link-layer-dependent error - CRC error (bit 24).

too_long: int#

Link-layer-dependent error - packet too long error (bit 25).

too_short: int#

Link-layer-dependent error - packet too short error (bit 26).

gap_error: int#

Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).

unaligned_error: int#

Link-layer-dependent error - unaligned frame error (bit 28).

delimiter_error: int#

Link-layer-dependent error - Start Frame Delimiter error (bit 29).

preamble_error: int#

Link-layer-dependent error - preamble error (bit 30).

symbol_error: int#

Link-layer-dependent error - symbol error (bit 31).

class pcapkit.protocols.schema.misc.pcapng.PACKFlags[source]#

Bases: TypedDict

PACK flags.

direction: int#

Inbound / Outbound packet (00 = information not available, 01 = inbound, 10 = outbound)

reception: int#

Reception type (000 = not specified, 001 = unicast, 010 = multicast, 011 = broadcast, 100 = promiscuous).

fcs_len: int#

FCS length, in octets (0000 if this information is not available). This value overrides the if_fcslen option of the Interface Description Block, and is used with those link layers (e.g. PPP) where the length of the FCS can change during time.

crc_error: int#

Link-layer-dependent error - CRC error (bit 24).

too_long: int#

Link-layer-dependent error - packet too long error (bit 25).

too_short: int#

Link-layer-dependent error - packet too short error (bit 26).

gap_error: int#

Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).

unaligned_error: int#

Link-layer-dependent error - unaligned frame error (bit 28).

delimiter_error: int#

Link-layer-dependent error - Start Frame Delimiter error (bit 29).

preamble_error: int#

Link-layer-dependent error - preamble error (bit 30).

symbol_error: int#

Link-layer-dependent error - symbol error (bit 31).

Auxiliary Functions#

pcapkit.protocols.schema.misc.pcapng.byteorder_callback(field, packet)[source]#

Update byte order of PCAP-NG file.

Parameters:
Return type:

None

pcapkit.protocols.schema.misc.pcapng.shb_byteorder_callback(field, packet)[source]#

Update byte order of PCAP-NG file for SHB.

Parameters:
Return type:

None

pcapkit.protocols.schema.misc.pcapng.pcapng_block_selector(packet)[source]#

Selector function for PCAPNG.block field.

Parameters:

pkt – Packet data.

Return type:

FieldBase

Returns:

Returns a SchemaField wrapped BlockType subclass instance.

See also

pcapkit.protocols.schema.misc.pcapng.dsb_secrets_selector(packet)[source]#

Selector function for DecryptionSecretsBlock.secrets_data field.

Parameters:

pkt – Packet data.

Return type:

FieldBase

Returns:

  • If secrets_type is unknown, returns a BytesField instance.

  • If secret_type is TLS_Key_Log and/or WireGuard_Key_Log, returns a StringField instance.

  • Otherwise, returns a SchemaField wrapped DSBSecrets subclass instance.

See also

Data Models#

class pcapkit.protocols.data.misc.pcapng.PCAPNG(dict_=None, **kwargs)[source]#

Bases: Protocol

Data model for PCAP-NG file blocks.

type: Enum_BlockType#

Block type.

length: int#

Block total length.

class pcapkit.protocols.data.misc.pcapng.UnknownBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for unknown PCAP-NG file blocks.

body: bytes#

Block body.

class pcapkit.protocols.data.misc.pcapng.SectionHeaderBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Section Header Block (SHB).

byteorder: Literal["big", "little"]#

Byte order.

version: VersionInfo#

Version number.

section_length: int#

Section length.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

class pcapkit.protocols.data.misc.pcapng.InterfaceDescriptionBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Interface Description Block (IDB).

linktype: Enum_LinkType#

Link type.

snaplen: int#

Snap length.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

class pcapkit.protocols.data.misc.pcapng.EnhancedPacketBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Enhanced Packet Block (EPB).

section_number: int#

Section index.

number: int#

Frame index.

interface_id: int#

Interface ID.

timestamp: dt_type#

Timestamp (in seconds).

timestamp_epoch: Decimal#

Timestamp as in UNIX epoch (in seconds).

captured_len: int#

Captured packet length.

original_len: int#

Original packet length.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

protocols: str#

Protocol chain.

class pcapkit.protocols.data.misc.pcapng.SimplePacketBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Simple Packet Block (SPB).

section_number: int#

Section index.

number: int#

Frame index.

original_len: int#

Original packet length.

captured_len: int#

Captured packet length.

__post_init__()[source]#

Post-initialization handling.

Return type:

None

protocols: str#

Protocol chain.

interface_id: int#

Interface ID.

timestamp: dt_type#

Timestamp (in seconds).

timestamp_epoch: Decimal#

Timestamp as in UNIX epoch (in seconds).

class pcapkit.protocols.data.misc.pcapng.NameResolutionBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Name Resolution Block (NRB).

records: OrderedMultiDict[Enum_RecordType, NameResolutionRecord]#

Records.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

__post_init__()[source]#

Post-initialization handling.

Return type:

None

mapping: MultiDict[IPv4Address | IPv6Address, str]#

Name resolution mapping (IP address -> name).

reverse_mapping: MultiDict[str, IPv4Address | IPv6Address]#

Name resolution mapping (name -> IP address).

class pcapkit.protocols.data.misc.pcapng.InterfaceStatisticsBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Interface Statistics Block (ISB).

interface_id: int#

Interface ID.

timestamp: dt_type#

Timestamp.

timestamp_epoch: Decimal#

Timestamp as in UNIX epoch (in seconds).

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

class pcapkit.protocols.data.misc.pcapng.SystemdJournalExportBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG systemd(1) Journal Export Block.

data: tuple[OrderedMultiDict[str, str | bytes], ...]#

Journal entry.

class pcapkit.protocols.data.misc.pcapng.DecryptionSecretsBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Decryption Secrets Block (DSB).

secrets_type: Enum_SecretsType#

Secrets type.

secrets_length: int#

Secrets length.

secrets_data: DSBSecrets#

Secrets data.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

class pcapkit.protocols.data.misc.pcapng.CustomBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Custom Block (CB).

pen: int#

Private enterprise number.

data: bytes#

Custom block data (incl. data, options and padding).

class pcapkit.protocols.data.misc.pcapng.PacketBlock(*args: VT, **kwargs: VT)[source]#

Bases: PCAPNG

Data model for PCAP-NG Packet Block (obsolete).

section_number: int#

Section index.

number: int#

Frame index.

interface_id: int#

Interface ID.

drop_count: int#

Drops count.

timestamp: dt_type#

Timestamp.

timestamp_epoch: Decimal#

Timestamp as in UNIX epoch (in seconds).

captured_len: int#

Captured packet length.

original_len: int#

Original packet length.

options: OrderedMultiDict[Enum_OptionType, Option]#

Options.

protocols: str#

Protocol chain.

class pcapkit.protocols.data.misc.pcapng.Option(dict_=None, **kwargs)[source]#

Bases: Data

Data model for PCAP-NG file options.

type: Enum_OptionType#

Option type.

length: int#

Option data length.

class pcapkit.protocols.data.misc.pcapng.UnknownOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for unknown PCAP-NG file options.

data: bytes#

Option data.

class pcapkit.protocols.data.misc.pcapng.EndOfOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file opt_endofopt options.

class pcapkit.protocols.data.misc.pcapng.CommentOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file opt_comment options.

comment: str#

Comment text.

class pcapkit.protocols.data.misc.pcapng.CustomOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file opt_custom options.

pen: int#

Private enterprise number (PEN).

data: bytes#

Custom data.

class pcapkit.protocols.data.misc.pcapng.IF_NameOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_name options.

name: str#

Interface name.

class pcapkit.protocols.data.misc.pcapng.IF_DescriptionOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_description options.

description: str#

Interface description.

class pcapkit.protocols.data.misc.pcapng.IF_IPv4AddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_IPv4addr options.

interface: IPv4Interface#

IPv4 interface.

class pcapkit.protocols.data.misc.pcapng.IF_IPv6AddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_IPv6addr options.

interface: IPv6Interface#

IPv6 interface.

class pcapkit.protocols.data.misc.pcapng.IF_MACAddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_MACaddr options.

interface: str#

MAC address.

class pcapkit.protocols.data.misc.pcapng.IF_EUIAddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_EUIaddr options.

interface: str#

EUI address.

class pcapkit.protocols.data.misc.pcapng.IF_SpeedOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_speed options.

speed: int#

Interface speed, in bits per second.

class pcapkit.protocols.data.misc.pcapng.IF_TSResolOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_tsresol options.

resolution: int#

Time stamp resolution, in units per second.

class pcapkit.protocols.data.misc.pcapng.IF_TZoneOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_tzone options.

timezone: dt_timezone#

Time zone.

class pcapkit.protocols.data.misc.pcapng.IF_FilterOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_filter options.

code: Enum_FilterType#

Filter code.

expression: bytes#

Filter expression.

class pcapkit.protocols.data.misc.pcapng.IF_OSOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_os options.

os: str#

Operating system.

class pcapkit.protocols.data.misc.pcapng.IF_FCSLenOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_fcslen options.

fcs_length: int#

FCS length.

class pcapkit.protocols.data.misc.pcapng.IF_TSOffsetOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_tsoffset options.

offset: int#

Timestamp offset (in seconds).

class pcapkit.protocols.data.misc.pcapng.IF_HardwareOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_hardware options.

hardware: str#

Hardware information.

class pcapkit.protocols.data.misc.pcapng.IF_TxSpeedOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_txspeed options.

speed: int#

Interface transmit speed (in bits per second).

class pcapkit.protocols.data.misc.pcapng.IF_RxSpeedOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file if_rxspeed options.

speed: int#

Interface receive speed (in bits per second).

class pcapkit.protocols.data.misc.pcapng.EPB_FlagsOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file epb_flags options.

direction: PacketDirection#

Inbound / Outbound packet.

reception: PacketReception#

Reception type.

fcs_len: int#

FCS length.

crc_error: bool#

Link-layer-dependent error - CRC error (bit 24).

too_long: bool#

Link-layer-dependent error - packet too long error (bit 25).

too_short: bool#

Link-layer-dependent error - packet too short error (bit 26).

gap_error: bool#

Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).

unaligned_error: bool#

Link-layer-dependent error - unaligned frame error (bit 28).

delimiter_error: bool#

Link-layer-dependent error - Start Frame Delimiter error (bit 29).

preamble_error: bool#

Link-layer-dependent error - preamble error (bit 30).

symbol_error: bool#

Link-layer-dependent error - symbol error (bit 31).

class pcapkit.protocols.data.misc.pcapng.EPB_HashOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG epb_hash options.

algorithm: Enum_HashAlgorithm#

Hash algorithm.

hash: bytes#

Hash value.

class pcapkit.protocols.data.misc.pcapng.EPB_DropCountOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG epb_dropcount options.

drop_count: int#

Number of packets dropped by the interface.

class pcapkit.protocols.data.misc.pcapng.EPB_PacketIDOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG epb_packetid options.

packet_id: int#

Packet ID.

class pcapkit.protocols.data.misc.pcapng.EPB_QueueOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG epb_queue options.

queue_id: int#

Queue ID.

class pcapkit.protocols.data.misc.pcapng.EPB_VerdictOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG epb_verdict options.

verdict: Enum_VerdictType#

Verdict type.

value: bytes#

Verdict value.

class pcapkit.protocols.data.misc.pcapng.NS_DNSNameOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG ns_dnsname option.

name: str#

DNS name.

class pcapkit.protocols.data.misc.pcapng.NS_DNSIP4AddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG ns_dnsip4addr option.

ip: IPv4Address#

IPv4 address.

class pcapkit.protocols.data.misc.pcapng.NS_DNSIP6AddrOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG ns_dnsip6addr option.

ip: IPv6Address#

IPv6 address.

class pcapkit.protocols.data.misc.pcapng.ISB_StartTimeOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_starttime option.

timestamp: dt_type#

Start time.

timestamp_epoch: Decimal#

Start time as in UNIX epoch (in seconds).

class pcapkit.protocols.data.misc.pcapng.ISB_EndTimeOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_endtime option.

timestamp: dt_type#

End time.

timestamp_epoch: Decimal#

End time as in UNIX epoch (in seconds).

class pcapkit.protocols.data.misc.pcapng.ISB_IFRecvOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_ifrecv option.

packets: int#

Number of packets received.

class pcapkit.protocols.data.misc.pcapng.ISB_IFDropOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_ifdrop option.

packets: int#

Number of packets dropped.

class pcapkit.protocols.data.misc.pcapng.ISB_FilterAcceptOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_filteraccept option.

packets: int#

Number of packets accepted by the filter.

class pcapkit.protocols.data.misc.pcapng.ISB_OSDropOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_osdrop option.

packets: int#

Number of packets dropped by the operating system.

class pcapkit.protocols.data.misc.pcapng.ISB_UsrDelivOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG isb_usrdeliv option.

packets: int#

Number of packets delivered to the user.

class pcapkit.protocols.data.misc.pcapng.PACK_FlagsOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG file pack_flags options.

direction: PacketDirection#

Inbound / Outbound packet.

reception: PacketReception#

Reception type.

fcs_len: int#

FCS length.

crc_error: bool#

Link-layer-dependent error - CRC error (bit 24).

too_long: bool#

Link-layer-dependent error - packet too long error (bit 25).

too_short: bool#

Link-layer-dependent error - packet too short error (bit 26).

gap_error: bool#

Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).

unaligned_error: bool#

Link-layer-dependent error - unaligned frame error (bit 28).

delimiter_error: bool#

Link-layer-dependent error - Start Frame Delimiter error (bit 29).

preamble_error: bool#

Link-layer-dependent error - preamble error (bit 30).

symbol_error: bool#

Link-layer-dependent error - symbol error (bit 31).

class pcapkit.protocols.data.misc.pcapng.PACK_HashOption(*args: VT, **kwargs: VT)[source]#

Bases: Option

Data model for PCAP-NG pack_hash options.

algorithm: Enum_HashAlgorithm#

Hash algorithm.

hash: bytes#

Hash value.

class pcapkit.protocols.data.misc.pcapng.NameResolutionRecord(dict_=None, **kwargs)[source]#

Bases: Data

Data model for PCAP-NG NRB records.

type: Enum_RecordType#

Record type.

length: int#

Record value length.

class pcapkit.protocols.data.misc.pcapng.UnknownRecord(*args: VT, **kwargs: VT)[source]#

Bases: NameResolutionRecord

Data model for PCAP-NG NRB unknown records.

data: bytes#

Unknown record value.

class pcapkit.protocols.data.misc.pcapng.EndRecord(*args: VT, **kwargs: VT)[source]#

Bases: NameResolutionRecord

Data model for PCAP-NG nrb_record_end records.

class pcapkit.protocols.data.misc.pcapng.IPv4Record(*args: VT, **kwargs: VT)[source]#

Bases: NameResolutionRecord

Data model for PCAP-NG nrb_record_ipv4 records.

ip: IPv4Address#

IPv4 address.

records: tuple[str, ...]#

Name resolution data.

class pcapkit.protocols.data.misc.pcapng.IPv6Record(*args: VT, **kwargs: VT)[source]#

Bases: NameResolutionRecord

Data model for PCAP-NG nrb_record_ipv6 records.

ip: IPv6Address#

IPv6 address.

records: tuple[str, ...]#

Name resolution data.

class pcapkit.protocols.data.misc.pcapng.DSBSecrets(dict_=None, **kwargs)[source]#

Bases: Data

Data model for DSB secrets data.

class pcapkit.protocols.data.misc.pcapng.UnknownSecrets(*args: VT, **kwargs: VT)[source]#

Bases: DSBSecrets

Data model for unknown DSB secrets.

data: bytes#

Secrets data.

class pcapkit.protocols.data.misc.pcapng.TLSKeyLog(*args: VT, **kwargs: VT)[source]#

Bases: DSBSecrets

Data model for TLS key log DSB secrets.

entries: dict[TLSKeyLabel, OrderedMultiDict[bytes, bytes]]#

TLS key log entries.

class pcapkit.protocols.data.misc.pcapng.WireGuardKeyLog(*args: VT, **kwargs: VT)[source]#

Bases: DSBSecrets

Data model for WireGuard key DSB secrets.

entries: OrderedMultiDict[WireGuardKeyLabel, bytes]#

WireGuard Key Log entries.

class pcapkit.protocols.data.misc.pcapng.ZigBeeNWKKey(*args: VT, **kwargs: VT)[source]#

Bases: DSBSecrets

Data model for ZigBEE NWK Key and ZigBee PANID secrets data.

nwk_key: bytes#

AES-128 NKW key.

pan_id: int#

PAN ID.

class pcapkit.protocols.data.misc.pcapng.ZigBeeAPSKey(*args: VT, **kwargs: VT)[source]#

Bases: DSBSecrets

Data model for ZigBEE APS Key secrets data.

aps_key: bytes#

AES-128 APS key.

pan_id: int#

PAN ID.

short_address: int#

Node short address.

Footnotes