PCAP-NG File Format¶
pcapkit.protocols.misc.pcapng contains
PCAPNG only,
which implements extractor for PCAP-NG file format [*].
- class pcapkit.protocols.misc.pcapng.PCAPNG(file=None, length=None, **kwargs)[source]¶
Bases:
ProtocolBase[PCAPNG,PCAPNG]PCAP-NG file block extractor.
The class currently supports parsing of the following protocols, which are registered in the
self.__proto__attribute:Index
Protocol
The class currently supports parsing of the following block types, which are registered in the
self.__block__attribute:Block Type
Block Parser
Block Constructor
The class currently supports parsing of the following option types, which are registered in the
self.__option__attribute:Option Type
Option Parser
Option Constructor
The class currently supports parsing of the following systemd(1) journal export record types, which are registered in the
self.__record__attribute:Record Type
Record Parser
Record Constructor
The class currently supports parsing of the following decryption secrets types, which are registered in the
self.__secrets__attribute:Secrets Type
Secrets Parser
Secrets Constructor
- property linktype: LinkType¶
Data link layer protocol type.
- Raises:
UnsupportedCall – If current block is not a valid packet block, i.e., EPB, ISB or obsolete Packet Block.
- classmethod register(code, protocol)[source]¶
Register a new protocol class.
Notes
The full qualified class name of the new protocol class should be as
{protocol.module}.{protocol.name}.- Parameters:
protocol (
Union[ModuleDescriptor[ProtocolBase],Type[ProtocolBase]]) – module descriptor or aProtocolsubclass
- Return type:
- classmethod register_option(code, meth)[source]¶
Register a option parser.
- Parameters:
code (
OptionType) – PCAP-NG option type code.meth (
str|tuple[Callable[[Option,OrderedMultiDict[OptionType,Option]],Option],Callable[[OptionType,Optional[Option],Any],Option]]) – Method name or callable to parse and/or construct the option.
- Return type:
- classmethod register_record(code, meth)[source]¶
Register a systemd(1) journal export record parser.
- Parameters:
code (
RecordType) – PCAP-NG systemd(1) journal export record type code.meth (
str|tuple[Callable[[NameResolutionRecord,OrderedMultiDict[RecordType,NameResolutionRecord]],NameResolutionRecord],Callable[[RecordType,Optional[NameResolutionRecord],Any],NameResolutionRecord]]) – Method name or callable to parse and/or construct the systemd(1) journal export record.
- Return type:
- classmethod register_secrets(code, meth)[source]¶
Register a decryption secrets parser.
- Parameters:
code (
SecretsType) – PCAP-NG decryption secrets type code.meth (
str|tuple[Callable[[DSBSecrets,DecryptionSecretsBlock],DSBSecrets],Callable[[SecretsType,Optional[DSBSecrets],Any],DSBSecrets]]) – Method name or callable to parse and/or construct the decryption secrets.
- Return type:
- unpack(length=None, **kwargs)[source]¶
Unpack (parse) packet data.
- Parameters:
- Return type:
- Returns:
Parsed packet data.
Notes
We used a special keyword argument
__packet__to pass the global packet data to underlying methods. This is useful when the packet data is not available in the current instance.
- pack(**kwargs)[source]¶
Pack (construct) packet data.
- Parameters:
**kwargs (
Any) – Arbitrary keyword arguments.- Return type:
- Returns:
Constructed packet data.
Notes
We used a special keyword argument
__packet__to pass the global packet data to underlying methods. This is useful when the packet data is not available in the current instance.
- read(length=None, *, _read=True, _seek_set=0, **kwargs)[source]¶
Read PCAP-NG file blocks.
Structure of PCAP-NG file blocks:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 / Block Body / / variable length, padded to 32 bits / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- make(type=<BlockType.Simple_Packet_Block: 3>, type_default=None, type_namespace=None, type_reversed=False, block=b'', **kwargs)[source]¶
Make PCAP-NG block data.
- Parameters:
type (
BlockType|IntEnum|IntEnum|str|int) – Block type.type_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Block type namespace.type_reversed (
bool) – Whether to reverse block type namespace.block (
bytes|PCAPNG|BlockType|dict[str,Any]) – Block data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed packet data.
- index(name)[source]¶
Call
ProtoChain.index.- Parameters:
name (
Union[str,ProtocolBase,Type[ProtocolBase]]) –nameto be searched- Return type:
- Returns:
First index of
name.- Raises:
IndexNotFound – if
nameis not present
- _decode_next_layer(dict_, proto=None, length=None, *, packet=None)[source]¶
Decode next layer protocol.
- Parameters:
- Return type:
- Returns:
Current protocol with packet extracted.
Notes
We added a new key
__next_type__todict_to store the next layer protocol type, and a new key__next_name__to store the next layer protocol name. These two keys will NOT be included whenInfo.to_dictis called.We also added a new key
protocolstodict_to store the protocol chain of the current packet (frame).
- _get_payload()[source]¶
Get payload of
self.__header__.- Return type:
- Returns:
Payload of
self.__header__asbytes.
See also
This is a wrapper function for
pcapkit.protocols.schema.Schema.get_payload().
- _read_block_unknown(schema, *, header)[source]¶
Read unknown PCAP-NG block.
- Parameters:
schema (
UnknownBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_shb(schema, *, header)[source]¶
Read PCAP-NG section header block (SHB).
Structure of Section Header Block:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x0A0D0D0A | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Byte-Order Magic | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Major Version | Minor Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | | | Section Length | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24 / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Parameters:
schema (
SectionHeaderBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_idb(schema, *, header)[source]¶
Read PCAP-NG interface description block (IDB).
Structure of Interface Description Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000001 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | LinkType | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | SnapLen | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
InterfaceDescriptionBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_epb(schema, *, header)[source]¶
Read PCAP-NG enhanced packet block (EPB).
Structure of Enhanced Packet Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000006 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Interface ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Timestamp (High) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | Timestamp (Low) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 20 | Captured Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24 | Original Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 / / / Packet Data / / variable length, padded to 32 bits / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
EnhancedPacketBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_spb(schema, *, header)[source]¶
Read PCAP-NG simple packet block (SPB).
Structure of Simple Packet Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000003 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Original Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 / / / Packet Data / / variable length, padded to 32 bits / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
SimplePacketBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_nrb(schema, *, header)[source]¶
Read PCAP-NG name resolution block (NRB).
Structure of Name Resolution Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000004 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Record Type | Record Value Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 / Record Value / / variable length, padded to 32 bits / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . . . other records . . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Record Type = nrb_record_end | Record Value Length = 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
NameResolutionBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_isb(schema, *, header)[source]¶
Read PCAP-NG interface statistics block (ISB).
Structure of Interface Statistics Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000005 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Interface ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Timestamp (High) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | Timestamp (Low) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 20 / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
InterfaceStatisticsBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_systemd(schema, *, header)[source]¶
Read PCAP-NG systemd(1) journal export block.
Structure of systemd(1) Journal Export Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000009 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 / / / Journal Entry / / variable length, padded to 32 bits / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Parameters:
schema (
SystemdJournalExportBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_dsb(schema, *, header)[source]¶
Read PCAP-NG decryption secrets block (DSB).
Structure of Decryption Secrets Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x0000000A | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Secrets Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Secrets Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 / / / Secrets Data / / (variable length, padded to 32 bits) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Block Total Length / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
DecryptionSecretsBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_cb(schema, *, header)[source]¶
Read PCAP-NG custom block (CB).
Structure of Custom Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000BAD or 0x40000BAD | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Private Enterprise Number (PEN) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 / / / Custom Data / / variable length, padded to 32 bits / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
CustomBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_block_packet(schema, *, header)[source]¶
Read PCAP-NG packet block (obsolete).
Structure of Packet Block:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 | Block Type = 0x00000002 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Interface ID | Drops Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Timestamp (High) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | Timestamp (Low) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 20 | Captured Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24 | Original Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 / / / Packet Data / / variable length, padded to 32 bits / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Parameters:
schema (
PacketBlock) – Parsed block schema.header (
PCAPNG) – Parsed PCAP-NG header schema.
- Return type:
- Returns:
Parsed packet data.
- _read_pcapng_options(options_schema)[source]¶
Read PCAP-NG options.
Structure of PCAP-NG option:
1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Code | Option Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Option Value / / variable length, padded to 32 bits / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / / . . . other options . . . / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Code == opt_endofopt | Option Length == 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Parameters:
- Return type:
- Returns:
Parsed PCAP-NG options data.
- _read_option_unknown(schema, *, options)[source]¶
Read unknown PCAP-NG option.
- Parameters:
schema (
UnknownOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_endofopt(schema, *, options)[source]¶
Read PCAP-NG
opt_endofoptoption.- Parameters:
schema (
EndOfOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_comment(schema, *, options)[source]¶
Read PCAP-NG
opt_commentoption.- Parameters:
schema (
CommentOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_custom(schema, *, options)[source]¶
Read PCAP-NG
opt_customoption.Structure of PCAP-NG
opt_customoption:1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Custom Option Code | Option Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Private Enterprise Number (PEN) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Custom Data / / variable length, padded to 32 bits / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Parameters:
schema (
CustomOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_name(schema, *, options)[source]¶
Read PCAP-NG
if_nameoption.- Parameters:
schema (
IF_NameOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_description(schema, *, options)[source]¶
Read PCAP-NG
if_descriptionoption.- Parameters:
schema (
IF_DescriptionOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_ipv4(schema, *, options)[source]¶
Read PCAP-NG
if_IPv4addroption.- Parameters:
schema (
IF_IPv4AddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_ipv6(schema, *, options)[source]¶
Read PCAP-NG
if_IPv6addroption.- Parameters:
schema (
IF_IPv6AddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_mac(schema, *, options)[source]¶
Read PCAP-NG
if_MACaddroption.- Parameters:
schema (
IF_MACAddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_eui(schema, *, options)[source]¶
Read PCAP-NG
if_EUIaddroption.- Parameters:
schema (
IF_EUIAddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_speed(schema, *, options)[source]¶
Read PCAP-NG
if_speedoption.- Parameters:
schema (
IF_SpeedOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_tsresol(schema, *, options)[source]¶
Read PCAP-NG
if_tsresoloption.- Parameters:
schema (
IF_TSResolOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_tzone(schema, *, options)[source]¶
Read PCAP-NG
if_tzoneoption.- Parameters:
schema (
IF_TZoneOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_filter(schema, *, options)[source]¶
Read PCAP-NG
if_filteroption.- Parameters:
schema (
IF_FilterOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_os(schema, *, options)[source]¶
Read PCAP-NG
if_osoption.- Parameters:
schema (
IF_OSOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_fcslen(schema, *, options)[source]¶
Read PCAP-NG
if_fcslenoption.- Parameters:
schema (
IF_FCSLenOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_tsoffset(schema, *, options)[source]¶
Read PCAP-NG
if_tsoffsetoption.- Parameters:
schema (
IF_TSOffsetOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_hardware(schema, *, options)[source]¶
Read PCAP-NG
if_hardwareoption.- Parameters:
schema (
IF_HardwareOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_txspeed(schema, *, options)[source]¶
Read PCAP-NG
if_txspeedoption.- Parameters:
schema (
IF_TxSpeedOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_if_rxspeed(schema, *, options)[source]¶
Read PCAP-NG
if_rxspeedoption.- Parameters:
schema (
IF_RxSpeedOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_flags(schema, *, options)[source]¶
Read PCAP-NG
epb_flagsoption.- Parameters:
schema (
EPB_FlagsOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_hash(schema, *, options)[source]¶
Read PCAP-NG
epb_hashoption.- Parameters:
schema (
EPB_HashOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_dropcount(schema, *, options)[source]¶
Read PCAP-NG
epb_dropcountoption.- Parameters:
schema (
EPB_DropCountOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_packetid(schema, *, options)[source]¶
Read PCAP-NG
epb_packetidoption.- Parameters:
schema (
EPB_PacketIDOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_queue(schema, *, options)[source]¶
Read PCAP-NG
epb_queueoption.- Parameters:
schema (
EPB_QueueOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_epb_verdict(schema, *, options)[source]¶
Read PCAP-NG
epb_verdictoption.- Parameters:
schema (
EPB_VerdictOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_ns_dnsname(schema, *, options)[source]¶
Read PCAP-NG
ns_dnsnameoption.- Parameters:
schema (
NS_DNSNameOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_ns_dnsipv4(schema, *, options)[source]¶
Read PCAP-NG
ns_dnsIP4addroption.- Parameters:
schema (
NS_DNSIP4AddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_ns_dnsipv6(schema, *, options)[source]¶
Read PCAP-NG
ns_dnsIP6addroption.- Parameters:
schema (
NS_DNSIP6AddrOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_starttime(schema, *, options)[source]¶
Read PCAP-NG
isb_starttimeoption.- Parameters:
schema (
ISB_StartTimeOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_endtime(schema, *, options)[source]¶
Read PCAP-NG
isb_endtimeoption.- Parameters:
schema (
ISB_EndTimeOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_ifrecv(schema, *, options)[source]¶
Read PCAP-NG
isb_ifrecvoption.- Parameters:
schema (
ISB_IFRecvOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_ifdrop(schema, *, options)[source]¶
Read PCAP-NG
isb_ifdropoption.- Parameters:
schema (
ISB_IFDropOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_filteraccept(schema, *, options)[source]¶
Read PCAP-NG
isb_filteracceptoption.- Parameters:
schema (
ISB_FilterAcceptOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_osdrop(schema, *, options)[source]¶
Read PCAP-NG
isb_osdropoption.- Parameters:
schema (
ISB_OSDropOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_isb_usrdeliv(schema, *, options)[source]¶
Read PCAP-NG
isb_usrdelivoption.- Parameters:
schema (
ISB_UsrDelivOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_pack_flags(schema, *, options)[source]¶
Read PCAP-NG
pack_flagsoption.- Parameters:
schema (
PACK_FlagsOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_option_pack_hash(schema, *, options)[source]¶
Read PCAP-NG
pack_hashoption.- Parameters:
schema (
PACK_HashOption) – Parsed option schema.options (
OrderedMultiDict[OptionType,Option]) – Parsed PCAP-NG options.
- Return type:
- Returns:
Constructed option data.
- _read_nrb_records(records_schema)[source]¶
Read PCAP-NG systemd(1) journal export records.
- Parameters:
records_schema (
list[NameResolutionRecord]) – Parsed systemd(1) journal export records.- Return type:
- Returns:
Parsed PCAP-NG systemd(1) journal export records data.
- _read_record_unknown(schema, *, records)[source]¶
Read PCAP-MG unknown systemd(1) journal export records.
- Parameters:
schema (
UnknownRecord) – Parsed systemd(1) journal export record schema.records (
OrderedMultiDict[RecordType,NameResolutionRecord]) – Parsed PCAP-NG records.
- Return type:
- Returns:
Constructed systemd(1) journal export record data.
- _read_record_end(schema, *, records)[source]¶
Read PCAP-MG
nrb_record_endsystemd(1) journal export records.- Parameters:
schema (
EndRecord) – Parsed systemd(1) journal export record schema.records (
OrderedMultiDict[RecordType,NameResolutionRecord]) – Parsed PCAP-NG records.
- Return type:
- Returns:
Constructed systemd(1) journal export record data.
- _read_record_ipv4(schema, *, records)[source]¶
Read PCAP-MG
nrb_record_ipv4systemd(1) journal export records.- Parameters:
schema (
IPv4Record) – Parsed systemd(1) journal export record schema.records (
OrderedMultiDict[RecordType,NameResolutionRecord]) – Parsed PCAP-NG records.
- Return type:
- Returns:
Constructed systemd(1) journal export record data.
- _read_record_ipv6(schema, *, records)[source]¶
Read PCAP-MG
nrb_record_ipv6systemd(1) journal export records.- Parameters:
schema (
IPv6Record) – Parsed systemd(1) journal export record schema.records (
OrderedMultiDict[RecordType,NameResolutionRecord]) – Parsed PCAP-NG records.
- Return type:
- Returns:
Constructed systemd(1) journal export record data.
- _read_secrets_unknown(schema, *, block)[source]¶
Read PCAP-NG unknown secrets.
- Parameters:
schema (
UnknownSecrets) – Parsed secret schema.block (
DecryptionSecretsBlock) – Parsed PCAP-NG decryption secrets block.
- Return type:
- _read_secrets_tls(schema, *, block)[source]¶
Read PCAP-NG TLS key log secrets.
- Parameters:
schema (
TLSKeyLog) – Parsed secret schema.block (
DecryptionSecretsBlock) – Parsed PCAP-NG decryption secrets block.
- Return type:
- _read_secrets_wireguard(schema, *, block)[source]¶
Read PCAP-NG WireGuard key log secrets.
- Parameters:
schema (
WireGuardKeyLog) – Parsed secret schema.block (
DecryptionSecretsBlock) – Parsed PCAP-NG decryption secrets block.
- Return type:
- Returns:
Constructed decryption secrets data.
- _read_secrets_zigbee_nwk(schema, *, block)[source]¶
Read PCAP-NG ZigBee NWK Key secrets.
Structure of ZigBee NWK Key secrets:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------------------------------------------------------+ 0 | Block Type = 0x0000000A | +---------------------------------------------------------------+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Secrets Type = 0x5a4e574b | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Secrets Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | AES-128 | | NKW Key | | (16 octets) | | (128 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 32 | PAN ID | padding (0) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 36 / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Block Total Length / +---------------------------------------------------------------+
- Parameters:
schema (
ZigBeeNWKKey) – Parsed secret schema.block (
DecryptionSecretsBlock) – Parsed PCAP-NG decryption secrets block.
- Return type:
- Returns:
Constructed decryption secrets data.
- _read_secrets_zigbee_aps(schema, *, block)[source]¶
Read PCAP-NG ZigBee APS Key secrets.
Structure of ZigBee APS Key secrets:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +---------------------------------------------------------------+ 0 | Block Type = 0x0000000A | +---------------------------------------------------------------+ 4 | Block Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8 | Secrets Type = 0x5a415053 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Secrets Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | AES-128 | | APS Key | | (16 octets) | | (128 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 32 | PAN ID | Low Node Short Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 36 | High Node Short Address | padding (0) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 40 / / / Options (variable) / / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / Block Total Length / +---------------------------------------------------------------+
- Parameters:
schema (
ZigBeeAPSKey) – Parsed secret schema.block (
DecryptionSecretsBlock) – Parsed PCAP-NG decryption secrets block.
- Return type:
- Returns:
Constructed decryption secrets data.
- _make_block_unknown(block=None, *, data=b'', **kwargs)[source]¶
Make unknown PCAP-NG block.
- Parameters:
block (
Optional[UnknownBlock]) – Block data model.data (
bytes) – Unspecified block data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_shb(block=None, *, version=(1, 0), major_version=None, minor_version=None, section_length=-1, options=None, **kwargs)[source]¶
Make PCAP-NG section header block (SHB).
- Parameters:
block (
Optional[SectionHeaderBlock]) – Block data model.version (
tuple[int,int] |VersionInfo) – Version information.section_length (
int) – Section length.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_idb(block=None, *, linktype=<LinkType.NULL: 0>, linktype_default=None, linktype_namespace=None, linktype_reversed=False, snaplen=18446744073709551615, options=None, **kwargs)[source]¶
Make PCAP-NG interface description block (IDB).
- Parameters:
block (
Optional[InterfaceDescriptionBlock]) – Block data model.linktype (
LinkType|IntEnum|IntEnum|str|int) – Link layer protocol type.linktype_default (
Optional[int]) – Default value of link layer protocol type.linktype_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of link layer protocol type.linktype_reversed (
bool) – Reversed flag for link layer protocol type namespace.snaplen (
int) – Snap length.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_epb(block=None, *, interface_id=0, timestamp=None, captured_len=None, original_len=None, packet_data=b'', options=None, **kwargs)[source]¶
Make PCAP-NG enhanced packet block (EPB).
- Parameters:
block (
Optional[EnhancedPacketBlock]) – Block data model.interface_id (
int) – Interface ID.timestmap – Packet timestamp.
packet_data (
bytes|ProtocolBase|Schema) – Payload of the block.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_spb(block=None, *, original_len=None, packet_data=b'', **kwargs)[source]¶
Make PCAP-NG simple packet block (SPB).
- Parameters:
block (
Optional[SimplePacketBlock]) – Block data model.packet_data (
bytes|ProtocolBase|Schema) – Payload of the block.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_nrb(block=None, *, records=None, options=None, **kwargs)[source]¶
Make PCAP-NG name resolution block (NRB).
- Parameters:
block (
Optional[NameResolutionBlock]) – Block data model.records (
Union[OrderedMultiDict[RecordType,NameResolutionRecord],list[NameResolutionRecord|tuple[RecordType,dict[str,Any]] |bytes],None]) – Name resolution records.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_isb(block=None, *, interface_id=0, timestamp=None, options=None, **kwargs)[source]¶
Make PCAP-NG interface statistics block (ISB).
- Parameters:
block (
Optional[InterfaceStatisticsBlock]) – Block data model.interface_id (
int) – Interface ID.timestmap – Block timestamp.
options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_systemd(block=None, *, entries=None, **kwargs)[source]¶
Make PCAP-NG systemd(1) journal export block.
- Parameters:
block (
Optional[SystemdJournalExportBlock]) – Block data model.entries (
Union[list[OrderedMultiDict[str,str|bytes]],bytes,None]) – systemd(1) journal export entries.options – Block options.
**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_dsb(block=None, *, secrets_type=<SecretsType.TLS_Key_Log: 1414288203>, secrets_type_default=None, secrets_type_namespace=None, secrets_type_reversed=False, secrets_data=b'', options=None, **kwargs)[source]¶
Make PCAP-NG decryption secrets block (DSB).
- Parameters:
block (
Optional[DecryptionSecretsBlock]) – Block data model.secrets_type (
SecretsType|IntEnum|IntEnum|str|int) – Decryption secrets type.secrets_type_default (
Optional[int]) – Default value of decryption secrets type.secrets_type_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of decryption secrets type.secrets_type_reversed (
bool) – Reversed flag for namespace of decryption secrets type.secrets_data (
DSBSecrets|DSBSecrets|bytes|dict[str,Any]) – Decryption secrets data.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_cb(block=None, *, pen=0, data=b'', options=None, **kwargs)[source]¶
Make PCAP-NG custom block (CB).
- Parameters:
block (
Optional[CustomBlock]) – Block data model.pen (
int) – Private enterprise number.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_block_packet(block=None, *, interface_id=0, drop_count=0, timestamp=None, captured_len=None, original_len=None, packet_data=b'', options=None, **kwargs)[source]¶
Make PCAP-NG packet block (obsolete).
- Parameters:
block (
Optional[PacketBlock]) – Block data model.interface_id (
int) – Interface ID.drop_count (
int) – Drops count.timestmap – Packet timestamp.
packet_data (
bytes|ProtocolBase|Schema) – Payload of the block.options (
Union[OrderedMultiDict[OptionType,Option],list[Option|tuple[OptionType,dict[str,Any]] |bytes],None]) – Block options.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed block schema.
- _make_option_unknown(type, option=None, *, data=b'', **kwargs)[source]¶
Make unknown PCAP-NG option.
- Parameters:
type (
OptionType) – Option type.option (
Optional[UnknownOption]) – Option data model.data (
bytes) – Unspecified option data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_endofopt(type, option=None, **kwargs)[source]¶
Make PCAP-NG
opt_endofoptoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EndOfOption]) – Option data model.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_comment(type, option=None, *, comment='', **kwargs)[source]¶
Make PCAP-NG
opt_commentoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[CommentOption]) – Option data model.comment (
str) – Comment text.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_custom(type, option=None, *, pen=4294967295, data=b'', **kwargs)[source]¶
Make PCAP-NG
opt_customoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[CustomOption]) – Option data model.pen (
int) – Private enterprise number.data (
bytes) – Custom data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_name(type, option=None, *, name='', **kwargs)[source]¶
Make PCAP-NG
if_nameoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_NameOption]) – Option data model.name (
str) – Interface name.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_description(type, option=None, *, description='', **kwargs)[source]¶
Make PCAP-NG
if_descriptionoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_DescriptionOption]) – Option data model.description (
str) – Interface description.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_ipv4(type, option=None, *, interface='192.168.1.1/255.255.255.0', **kwargs)[source]¶
Make PCAP-NG
if_IPv4addroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_IPv4AddrOption]) – Option data model.interface (
IPv4Interface|str) – IPv4 interface.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_ipv6(type, option=None, *, interface='2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64', **kwargs)[source]¶
Make PCAP-NG
if_IPv6addroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_IPv6AddrOption]) – Option data model.interface (
IPv6Interface|str) – IPv6 interface.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_mac(type, option=None, *, interface='00:01:02:03:04:05', **kwargs)[source]¶
Make PCAP-NG
if_MACaddroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_MACAddrOption]) – Option data model.interface (
str|bytes|bytearray) – MAC interface address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_eui(type, option=None, *, interface='02:34:56:FF:FE:78:9A:BC', **kwargs)[source]¶
Make PCAP-NG
if_EUIaddroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_EUIAddrOption]) – Option data model.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_speed(type, option=None, *, speed=100000000, **kwargs)[source]¶
Make PCAP-NG
if_speedoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_SpeedOption]) – Option data model.speed (
int) – Interface speed, in bits per second.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_tsresol(type, option=None, *, resolution=1000000, **kwargs)[source]¶
Make PCAP-NG
if_tsresoloption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_TSResolOption]) – Option data model.resolution (
int) – Resolution of timestamps, in units per second.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_tzone(type, option=None, *, tzone=0, **kwargs)[source]¶
Make PCAP-NG
if_tzoneoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_TZoneOption]) – Option data model.tzone (
timezone|timedelta|int) – Timezone offset, in seconds.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_filter(type, option=None, *, filter=<FilterType.Unassigned_0: 0>, filter_default=None, filter_namespace=None, filter_reversed=False, expression=b'', **kwargs)[source]¶
Make PCAP-NG
if_filteroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_FilterOption]) – Option data model.filter (
FilterType|IntEnum|IntEnum|str|int) – Filter type.filter_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Filter namespace.filter_reversed (
bool) – Whether filter namespace is reversed.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_os(type, option=None, *, os='macOS-15.7.1-arm64-arm-64bit-Mach-O', **kwargs)[source]¶
Make PCAP-NG
if_osoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_OSOption]) – Option data model.os (
str) – Operating system name.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_fcslen(type, option=None, *, fcs_length=4, **kwargs)[source]¶
Make PCAP-NG
if_fcslenoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_FCSLenOption]) – Option data model.fcs_length (
int) – FCS length, in bytes.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_tsoffset(type, option=None, *, offset=0, **kwargs)[source]¶
Make PCAP-NG
if_tsoffsetoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_TSOffsetOption]) – Option data model.offset (
int) – Timestamp offset in seconds.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_hardware(type, option=None, *, hardware='arm', **kwargs)[source]¶
Make PCAP-NG
if_hardwareoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_HardwareOption]) – Option data model.os – Operating system name.
**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_txspeed(type, option=None, *, speed=100000000, **kwargs)[source]¶
Make PCAP-NG
if_txspeedoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_TxSpeedOption]) – Option data model.speed (
int) – Interface transmit speed, in bits per second.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_if_rxspeed(type, option=None, *, speed=100000000, **kwargs)[source]¶
Make PCAP-NG
if_rxspeedoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[IF_RxSpeedOption]) – Option data model.speed (
int) – Interface receive speed, in bits per second.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_flags(type, option=None, *, direction=PacketDirection.UNKNOWN, direction_default=None, direction_namespace=None, direction_reversed=False, reception=PacketReception.UNKNOWN, reception_default=None, reception_namespace=None, reception_reversed=False, fcs_len=0, crc_error=False, too_long=False, too_short=False, gap_error=False, unaligned_error=False, delimiter_error=False, preamble_error=False, symbol_error=False, **kwargs)[source]¶
Make PCAP-NG
epb_flagsoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_FlagsOption]) – Option data model.direction (
PacketDirection|IntEnum|IntEnum|str|int) – Packet direction.direction_default (
Optional[int]) – Default value of packet direction.direction_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of packet direction.direction_reversed (
bool) – Whether to reverse packet direction namespace.reception (
PacketReception|IntEnum|IntEnum|str|int) – Packet reception.reception_default (
Optional[int]) – Default value of packet reception.reception_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of packet reception.reception_reversed (
bool) – Whether to reverse packet reception namespace.fcs_len (
int) – Length of FCS field, in bytes.crc_error (
bool) – Whether CRC error occurred.too_long (
bool) – Whether packet is too long.too_short (
bool) – Whether packet is too short.gap_error (
bool) – Whether gap error occurred.unaligned_error (
bool) – Whether unaligned error occurred.delimiter_error (
bool) – Whether delimiter error occurred.preamble_error (
bool) – Whether preamble error occurred.symbol_error (
bool) – Whether symbol error occurred.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_hash(type, option=None, *, algorithm=<HashAlgorithm.two_s_complement: 0>, algorithm_default=None, algorithm_namespace=None, algorithm_reversed=False, hash=b'', **kwargs)[source]¶
Make PCAP-NG
epb_hashoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_HashOption]) – Option data model.algorithm (
HashAlgorithm|IntEnum|IntEnum|int|str) – Hash algorithm.algorithm_default (
Optional[int]) – Default value of hash algorithm.algorithm_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of hash algorithm.algorithm_reversed (
bool) – Whether to reverse hash algorithm namespace.hash (
bytes) – Hash value.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_dropcount(type, option=None, *, drop_count=0, **kwargs)[source]¶
Make PCAP-NG
epb_dropcountoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_DropCountOption]) – Option data model.drop_count (
int) – Number of dropped packets.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_packetid(type, option=None, *, packet_id=0, **kwargs)[source]¶
Make PCAP-NG
epb_packetidoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_PacketIDOption]) – Option data model.packet_id (
int) – Packet ID.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_queue(type, option=None, *, queue_id=0, **kwargs)[source]¶
Make PCAP-NG
epb_queueoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_QueueOption]) – Option data model.queue_id (
int) – Queue ID.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_epb_verdict(type, option=None, *, verdict=<VerdictType.Hardware: 0>, verdict_default=None, verdict_namespace=None, verdict_reversed=False, value=b'', **kwargs)[source]¶
Make PCAP-NG
epb_verdictoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[EPB_VerdictOption]) – Option data model.verdict (
VerdictType|IntEnum|IntEnum|str|int) – Verdict type.verdict_default (
Optional[int]) – Default value for verdict.verdict_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace for verdict.verdict_reversed (
bool) – Whether to reverse the namespace.value (
bytes) – Verdict value.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_ns_dnsname(type, option=None, *, name='', **kwargs)[source]¶
Make PCAP-NG
ns_dnsnameoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[NS_DNSNameOption]) – Option data model.name (
str) – DNS server name.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_ns_dnsipv4(type, option=None, *, ip='8.8.8.8', **kwargs)[source]¶
Make PCAP-NG
ns_dnsip4addroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[NS_DNSIP4AddrOption]) – Option data model.ip (
str|bytes|IPv4Address|int) – DNS server IPv4 address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_ns_dnsipv6(type, option=None, *, ip='8.8.8.8', **kwargs)[source]¶
Make PCAP-NG
ns_dnsip6addroption.- Parameters:
type (
OptionType) – Option type.option (
Optional[NS_DNSIP6AddrOption]) – Option data model.ip (
str|bytes|IPv6Address|int) – DNS server IPv6 address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_starttime(type, option=None, *, timestamp=None, **kwargs)[source]¶
Make PCAP-NG
isb_starttimeoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_StartTimeOption]) – Option data model.ip – DNS server IPv6 address.
**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_endtime(type, option=None, *, timestamp=None, **kwargs)[source]¶
Make PCAP-NG
isb_endtimeoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_EndTimeOption]) – Option data model.ip – DNS server IPv6 address.
**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_ifrecv(type, option=None, *, packets=0, **kwargs)[source]¶
Make PCAP-NG
isb_ifrecvoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_IFRecvOption]) – Option data model.packets (
int) – Number of received packets.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_ifdrop(type, option=None, *, packets=0, **kwargs)[source]¶
Make PCAP-NG
isb_ifdropoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_IFDropOption]) – Option data model.packets (
int) – Number of dropped packets.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_filteraccept(type, option=None, *, packets=0, **kwargs)[source]¶
Make PCAP-NG
isb_filteracceptoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_FilterAcceptOption]) – Option data model.packets (
int) – Number of packets accepted by the filter.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_osdrop(type, option=None, *, packets=0, **kwargs)[source]¶
Make PCAP-NG
isb_osdropoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_OSDropOption]) – Option data model.packets (
int) – Number of packets dropped by the OS.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_isb_usrdeliv(type, option=None, *, packets=0, **kwargs)[source]¶
Make PCAP-NG
isb_usrdelivoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[ISB_UsrDelivOption]) – Option data model.packets (
int) – Number of dropped packets.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_pack_flags(type, option=None, *, direction=PacketDirection.UNKNOWN, direction_default=None, direction_namespace=None, direction_reversed=False, reception=PacketReception.UNKNOWN, reception_default=None, reception_namespace=None, reception_reversed=False, fcs_len=0, crc_error=False, too_long=False, too_short=False, gap_error=False, unaligned_error=False, delimiter_error=False, preamble_error=False, symbol_error=False, **kwargs)[source]¶
Make PCAP-NG
pack_flagsoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[PACK_FlagsOption]) – Option data model.direction (
PacketDirection|IntEnum|IntEnum|str|int) – Packet direction.direction_default (
Optional[int]) – Default value of packet direction.direction_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of packet direction.direction_reversed (
bool) – Whether to reverse packet direction namespace.reception (
PacketReception|IntEnum|IntEnum|str|int) – Packet reception.reception_default (
Optional[int]) – Default value of packet reception.reception_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of packet reception.reception_reversed (
bool) – Whether to reverse packet reception namespace.fcs_len (
int) – Length of FCS field, in bytes.crc_error (
bool) – Whether CRC error occurred.too_long (
bool) – Whether packet is too long.too_short (
bool) – Whether packet is too short.gap_error (
bool) – Whether gap error occurred.unaligned_error (
bool) – Whether unaligned error occurred.delimiter_error (
bool) – Whether delimiter error occurred.preamble_error (
bool) – Whether preamble error occurred.symbol_error (
bool) – Whether symbol error occurred.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_option_pack_hash(type, option=None, *, algorithm=<HashAlgorithm.two_s_complement: 0>, algorithm_default=None, algorithm_namespace=None, algorithm_reversed=False, hash=b'', **kwargs)[source]¶
Make PCAP-NG
pack_hashoption.- Parameters:
type (
OptionType) – Option type.option (
Optional[PACK_HashOption]) – Option data model.algorithm (
HashAlgorithm|IntEnum|IntEnum|int|str) – Hash algorithm.algorithm_default (
Optional[int]) – Default value of hash algorithm.algorithm_namespace (
Union[dict[str,int],dict[int,str],Type[IntEnum],Type[IntEnum],None]) – Namespace of hash algorithm.algorithm_reversed (
bool) – Whether to reverse hash algorithm namespace.hash (
bytes) – Hash value.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed option schema.
- _make_nrb_records(records)[source]¶
Make systemd(1) journal export records for PCAP-NG.
- Parameters:
records (
OrderedMultiDict[RecordType,NameResolutionRecord] |list[NameResolutionRecord|tuple[RecordType,dict[str,Any]] |bytes]) – PCAP-NG systemd(1) journal export records.- Return type:
- Returns:
Tuple of systemd(1) journal export records and total length of the records.
- _make_record_unknown(type, record, *, data=b'', **kwargs)[source]¶
Make PCAP-NG unknown systemd(1) journal export record.
- Parameters:
type (
RecordType) – Record type.record (
Optional[UnknownRecord]) – Record data model.data (
bytes) – Record data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed record schema.
- _make_record_end(type, record=None, **kwargs)[source]¶
Make PCAP-NG
nrb_record_endsystemd(1) journal export record.- Parameters:
type (
RecordType) – Record type.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed record schema.
- _make_record_ipv4(type, record, *, ip='127.0.0.1', names=None, **kwargs)[source]¶
Make PCAP-NG
nrb_record_ipv4systemd(1) journal export record.- Parameters:
type (
RecordType) – Record type.record (
Optional[IPv4Record]) – Record data model.ip (
IPv4Address|str|bytes|int) – IPv4 address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed record schema.
- _make_record_ipv6(type, record, *, ip='127.0.0.1', names=None, **kwargs)[source]¶
Make PCAP-NG
nrb_record_ipv6systemd(1) journal export record.- Parameters:
type (
RecordType) – Record type.record (
Optional[IPv6Record]) – Record data model.ip (
IPv6Address|str|bytes|int) – IPv6 address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed record schema.
- _make_secrets_unknown(type, secrets=None, *, data=b'', **kwargs)[source]¶
Make PCAP-NG unknown secrets.
- Parameters:
type (
SecretsType) – Secrets type.secrets (
Optional[UnknownSecrets]) – Secrets data model.data (
bytes) – Secrets data.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed secrets schema.
- _make_secrets_tls(type, secrets=None, *, entries=None, **kwargs)[source]¶
Make PCAP-NG TLS Key Log secrets.
- Parameters:
type (
SecretsType) – Secrets type.entries (
Optional[dict[TLSKeyLabel,OrderedMultiDict[bytes,bytes]]]) – TLS Key Log entries.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed secrets schema.
- _make_secrets_wireguard(type, secrets=None, *, entries=None, **kwargs)[source]¶
Make PCAP-NG WireGuard secrets.
- Parameters:
type (
SecretsType) – Secrets type.secrets (
Optional[WireGuardKeyLog]) – Secrets data model.data – Secrets data.
**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed secrets schema.
- _make_secrets_zigbee_nwk(type, secrets=None, *, nwk_key=b'', pan_id=0, **kwargs)[source]¶
Make PCAP-NG ZigBee NWK Key secrets.
- Parameters:
type (
SecretsType) – Secrets type.secrets (
Optional[ZigBeeNWKKey]) – Secrets data model.nwk_key (
bytes) – NWK key.pan_id (
int) – PAN ID.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed secrets schema.
- _make_secrets_zigbee_aps(type, secrets=None, *, aps_key=b'', pan_id=0, short_address=0, **kwargs)[source]¶
Make PCAP-NG ZigBee APS Key secrets.
- Parameters:
type (
SecretsType) – Secrets type.secrets (
Optional[ZigBeeAPSKey]) – Secrets data model.aps_key (
bytes) – APS key.pan_id (
int) – PAN ID.short_address (
int) – Short address.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
- Returns:
Constructed secrets schema.
- __proto__: DefaultDict[Enum_LinkType | int, ModuleDescriptor[Protocol] | Type[Protocol]]¶
Protocol index mapping for decoding next layer, c.f.
self._decode_next_layer&self._import_next_layer. The values should be a tuple representing the module name and class name, or aProtocolsubclass.- Type:
DefaultDict[Enum_LinkType, ModuleDescriptor[Protocol] | Type[Protocol]]
- __block__: DefaultDict[Enum_BlockType | int, str | tuple[BlockParser, BlockConstructor]]¶
Block type to method mapping. Method names are expected to be referred to the class by
_read_block_${name}and/or_make_block_${name}, and if such name not found, the value should then be a method that can parse the block by itself.
- __option__: DefaultDict[Enum_OptionType | int, str | tuple[OptionParser, OptionConstructor]]¶
Block option type to method mapping. Method names are expected to be referred to the class by
_read_option_${name}and/or_make_option_${name}, and if such name not found, the value should then be a method that can parse the option by itself.
- __record__: DefaultDict[Enum_RecordType | int, str | tuple[RecordParser, RecordConstructor]]¶
systemd(1) Journal Export record type to method mapping. Method names are expected to be referred to the class by
_read_record_${name}and/or_make_record_${name}, and if such name not found, the value should then be a method that can parse the name record by itself.
- __secrets__: DefaultDict[Enum_SecretsType | int, str | tuple[SecretsParser, SecretsConstructor]]¶
Decryption secrets type to method mapping. Method names are expected to be referred to the class by
_read_secrets_${name}and/or_make_secrets_${name}, and if such name not found, the value should then be a method that can parse the decryption secrets by itself.
- __post_init__(file=None, length=None, *, num, sct, ctx, **kwargs)[source]¶
Initialisation.
- Parameters:
- Return type:
Notes
For the first block,
numwill be set to0and ctx asNone, such that we can be sure that the first block is the section header block.See also
For construction argument, please refer to
make().
- __index__()[source]¶
Index of the block.
- Parameters:
- Return type:
- Returns:
If the object is initiated, i.e.
self._fnumexists, and is of a packet block (EPB, ISB or Packet), returns the block index number of itself; else raisesUnsupportedCall.- Raises:
UnsupportedCall – This protocol has no registry entry.
Auxiliary Data¶
- class pcapkit.protocols.misc.pcapng.PacketDirection(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶
Bases:
IntEnumPacket direction for
epb_flagsoptions.- UNKNOWN = 0¶
Information not available.
- INBOUND = 1¶
Inbound packet.
- OUTBOUND = 2¶
Outbound packet.
- class pcapkit.protocols.misc.pcapng.PacketReception(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶
Bases:
IntEnumReception type for
epb_flagsoptions.- UNKNOWN = 0¶
Not specified.
- UNICAST = 1¶
Unicast.
- MULTICAST = 2¶
Multicast.
- BROADCAST = 3¶
Broadcast.
- PROMISCUOUS = 4¶
Promiscuous.
- class pcapkit.protocols.misc.pcapng.TLSKeyLabel(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶
Bases:
StrEnumTLS key log label.
- RSA = 'RSA'¶
- CLIENT_RANDOM = 'CLIENT_RANDOM'¶
- CLIENT_EARLY_TRAFFIC_SECRET = 'CLIENT_EARLY_TRAFFIC_SECRET'¶
- CLIENT_HANDSHAKE_TRAFFIC_SECRET = 'CLIENT_HANDSHAKE_TRAFFIC_SECRET'¶
- SERVER_HANDSHAKE_TRAFFIC_SECRET = 'SERVER_HANDSHAKE_TRAFFIC_SECRET'¶
- CLIENT_TRAFFIC_SECRET_0 = 'CLIENT_TRAFFIC_SECRET_0'¶
- SERVER_TRAFFIC_SECRET_0 = 'SERVER_TRAFFIC_SECRET_0'¶
- EARLY_EXPORTER_SECRET = 'EARLY_EXPORTER_SECRET'¶
- EXPORTER_SECRET = 'EXPORTER_SECRET'¶
- static _generate_next_value_(name, start, count, last_values)¶
Return the lower-cased version of the member name.
- class pcapkit.protocols.misc.pcapng.WireGuardKeyLabel(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]¶
Bases:
StrEnumWireGuard key log label.
- LOCAL_STATIC_PRIVATE_KEY = 'LOCAL_STATIC_PRIVATE_KEY'¶
- REMOTE_STATIC_PUBLIC_KEY = 'REMOTE_STATIC_PUBLIC_KEY'¶
- LOCAL_EPHEMERAL_PRIVATE_KEY = 'LOCAL_EPHEMERAL_PRIVATE_KEY'¶
- PRESHARED_KEY = 'PRESHARED_KEY'¶
- static _generate_next_value_(name, start, count, last_values)¶
Return the lower-cased version of the member name.
Header Schemas¶
- class pcapkit.protocols.schema.misc.pcapng.PCAPNG(dict_=None, **kwargs)[source]¶
Bases:
SchemaHeader schema for PCAP-NG file blocks.
- type: Enum_BlockType = <EnumField type>¶
Block type.
- block: BlockType = <SwitchField block>¶
Block specific data.
- class pcapkit.protocols.schema.misc.pcapng.BlockType(dict_=None, **kwargs)[source]¶
Bases:
EnumSchema[BlockType]Header schema for PCAP-NG file blocks.
- class pcapkit.protocols.schema.misc.pcapng.UnknownBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for unknown PCAP-NG file blocks.
- length: int = <UInt32Field length>¶
Block total length.
- body: bytes = <BytesField body>¶
Block body (including padding).
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.SectionHeaderBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Section Header Block (SHB).
- match: ByteorderTest = <ForwardMatchField match>¶
Fast forward field to test the byteorder.
- length: int = <UInt32Field length>¶
Block total length.
- magic: Literal[0x1A2B3C4D] = <UInt32Field magic>¶
Byte order magic number.
- major: int = <UInt16Field major>¶
Major version number.
- minor: int = <UInt16Field minor>¶
Minor version number.
- section_length: int = <Int64Field section_length>¶
Section length.
- options: list[Option] = <OptionField options>¶
Options.
- padding: bytes = <PaddingField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- pre_pack(packet)[source]¶
Prepare
packetdata for packing process.Note
This method is expected to directly modify any data stored in the
packetand thus no return is required.
- post_process(packet)[source]¶
Revise
schemadata after unpacking process.This method calculate the byteorder value based on the parsed schema.
- Parameters:
- Return type:
- Returns:
Revised schema.
- byteorder: Literal['big', 'little']¶
Byteorder.
- class pcapkit.protocols.schema.misc.pcapng.InterfaceDescriptionBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Interface Description Block (IDB).
- length: int = <UInt32Field length>¶
Block total length.
- linktype: Enum_LinkType = <EnumField linktype>¶
Link type.
- reserved: bytes = <PaddingField reserved>¶
Reserved.
- snaplen: int = <UInt32Field snaplen>¶
Snap length.
- options: list[Option] = <OptionField options>¶
Options.
- padding: bytes = <PaddingField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.EnhancedPacketBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Enhanced Packet Block (EPB).
- length: int = <UInt32Field length>¶
Block total length.
- interface_id: int = <UInt32Field interface_id>¶
Interface ID.
- timestamp_high: int = <UInt32Field timestamp_high>¶
Higher 32-bit of timestamp (in seconds).
- timestamp_low: int = <UInt32Field timestamp_low>¶
Lower 32-bit of timestamp (in seconds).
- captured_len: int = <UInt32Field captured_len>¶
Captured packet length.
- original_len: int = <UInt32Field original_len>¶
Original packet length.
- packet_data: bytes = <PayloadField packet_data>¶
Packet data.
- padding_data: bytes = <PaddingField padding_data>¶
Padding.
- options: list[Option] = <OptionField options>¶
Options.
- padding_opts: bytes = <PaddingField padding_opts>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.SimplePacketBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Simple Packet Block (SPB).
- length: int = <UInt32Field length>¶
Block total length.
- original_len: int = <UInt32Field original_len>¶
Original packet length.
- packet_data: bytes = <PayloadField packet_data>¶
Packet data.
- padding: bytes = <PaddingField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.NameResolutionBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Name Resolution Block (NRB).
- length: int = <UInt32Field length>¶
Record total length.
- records: list[NameResolutionRecord] = <OptionField records>¶
Name resolution records.
- options: list[Option] = <OptionField options>¶
Options.
- padding: bytes = <PaddingField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- mapping: MultiDict[IPv4Address | IPv6Address, str]¶
Name resolution mapping (IP address -> name).
- reverse_mapping: MultiDict[str, IPv4Address | IPv6Address]¶
Name resolution mapping (name -> IP address).
- class pcapkit.protocols.schema.misc.pcapng.InterfaceStatisticsBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Interface Statistics Block (ISB).
- length: int = <UInt32Field length>¶
Block total length.
- interface_id: int = <UInt32Field interface_id>¶
Interface ID.
- timestamp_high: int = <UInt32Field timestamp_high>¶
Timestamp (higher 32 bits).
- timestamp_low: int = <UInt32Field timestamp_low>¶
Timestamp (lower 32 bits).
- options: list[Option] = <OptionField options>¶
Options.
- padding: bytes = <PaddingField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.SystemdJournalExportBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG systemd(1) Journal Export Block.
- length: int = <UInt32Field length>¶
Block total length.
- entry: bytes = <BytesField entry>¶
Journal entry.
- length2: int = <UInt32Field length2>¶
Block total length.
- data: list[OrderedMultiDict[str, str | bytes]]¶
Journal entry (decoded).
- class pcapkit.protocols.schema.misc.pcapng.DecryptionSecretsBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Decryption Secrets Block (DSB).
- length: int = <UInt32Field length>¶
Block total length.
- secrets_type: Enum_SecretsType = <EnumField secrets_type>¶
Secrets type.
- secrets_length: int = <UInt32Field secrets_length>¶
Secrets length.
- secrets_data: DSBSecrets = <SwitchField secrets_data>¶
Secrets data.
- padding_data: bytes = <BytesField padding_data>¶
Padding.
- options: list[Option] = <OptionField options>¶
Options.
- padding_opts: bytes = <PaddingField padding_opts>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.CustomBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Custom Block (CB).
- length: int = <UInt32Field length>¶
Block total length.
- pen: int = <UInt32Field pen>¶
Private enterprise number.
- data: bytes = <BytesField data>¶
Custom data.
- padding: bytes = <BytesField padding>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.PacketBlock(dict_=None, **kwargs)[source]¶
Bases:
BlockTypeHeader schema for PCAP-NG Packet Block (obsolete).
- length: int = <UInt32Field length>¶
Block total length.
- interface_id: int = <UInt32Field interface_id>¶
Interface ID.
- drop_count: int = <UInt32Field drop_count>¶
Drops count.
- timestamp_high: int = <UInt32Field timestamp_high>¶
Timestamp (high).
- timestamp_low: int = <UInt32Field timestamp_low>¶
Timestamp (low).
- captured_length: int = <UInt32Field captured_length>¶
Captured packet length.
- original_length: int = <UInt32Field original_length>¶
Original packet length.
- packet_data: bytes = <PayloadField packet_data>¶
Packet data.
- padding_data: bytes = <BytesField padding_data>¶
Padding.
- options: list[Option] = <OptionField options>¶
Options.
- padding_opts: bytes = <PaddingField padding_opts>¶
Padding.
- length2: int = <UInt32Field length2>¶
Block total length.
- class pcapkit.protocols.schema.misc.pcapng.Option(dict_=None, **kwargs)[source]¶
Bases:
EnumSchema[OptionType]Header schema for PCAP-NG file options.
- classmethod __init_subclass__(code=None, namespace=None, *args, **kwargs)[source]¶
Register option type to
__enum__mapping.- Parameters:
code (
Union[OptionType,Iterable[OptionType],None]) – Option type code. It can be either a single option type enumeration or a list of option type enumerations.namespace (
Optional[str]) – Namespace of option type enumeration. If not given, the value will be inferred from the option type code.*args (
Any) – Arbitrary positional arguments.**kwargs (
Any) – Arbitrary keyword arguments.
- Return type:
If
codeis provided, the subclass will be registered to the__enum__mapping with the givencode. Ifcodeis not given, the subclass will not be registered.Examples
from pcapkit.const.pcapng.option_type import OptionType as Enum_OptionType from pcapkit.protocols.schema.misc.pcapng improt Option class NewOption(Option, namespace='opt', code=Enum_OptionType.opt_new): ...
- type: Enum_OptionType¶
Option type.
- length: int¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng._OPT_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
opt_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.UnknownOption(dict_=None, **kwargs)[source]¶
Bases:
_OPT_OptionHeader schema for unknown PCAP-NG file options.
- data: bytes = <BytesField data>¶
Option value.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EndOfOption(dict_=None, **kwargs)[source]¶
Bases:
_OPT_OptionHeader schema for PCAP-NG file
opt_endofoptoptions.
- class pcapkit.protocols.schema.misc.pcapng.CommentOption(dict_=None, **kwargs)[source]¶
Bases:
_OPT_OptionHeader schema for PCAP-NG file
opt_commentoptions.- comment: str = <StringField comment>¶
Comment text.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.CustomOption(dict_=None, **kwargs)[source]¶
Bases:
_OPT_OptionHeader schema for PCAP-NG file
opt_customoptions.- pen: int = <UInt32Field pen>¶
Private enterprise number (PEN).
- data: bytes = <BytesField data>¶
Custom data.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng._IF_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
if_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.IF_NameOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_nameoptions.- name: str = <StringField name>¶
Interface name.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_DescriptionOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_descriptionoptions.- description: str = <StringField description>¶
Interface description.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_IPv4AddrOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_IPv4addroptions.- interface: IPv4Interface = <IPv4InterfaceField interface>¶
IPv4 interface.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_IPv6AddrOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_IPv6addroptions.- interface: IPv6Interface = <IPv6InterfaceField interface>¶
IPv6 interface.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_MACAddrOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_MACaddroptions.- interface: bytes = <BytesField interface>¶
MAC interface.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_EUIAddrOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_EUIaddroptions.- interface: bytes = <BytesField interface>¶
EUI interface.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_SpeedOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_speedoptions.- speed: int = <UInt64Field speed>¶
Interface speed, in bits per second.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_TSResolOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_tsresoloptions.- tsresol: ResolutionData = <BitField tsresol>¶
Interface timestamp resolution, in units per second.
- padding: bytes = <PaddingField padding>¶
Padding.
- post_process(packet)[source]¶
Revise
schemadata after unpacking process.- Parameters:
- Return type:
- Returns:
Revised schema.
- resolution: int¶
Interface timestamp resolution, in units per second.
- class pcapkit.protocols.schema.misc.pcapng.IF_TZoneOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_tzoneoptions.- tzone: int = <Int32Field tzone>¶
Interface time zone (as in seconds difference from GMT).
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_FilterOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_filteroptions.- code: Enum_FilterType = <EnumField code>¶
Filter code.
- filter: bytes = <BytesField filter>¶
Capture filter.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_OSOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_osoptions.- os: str = <StringField os>¶
OS information.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_FCSLenOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_fcslenoptions.- fcslen: int = <UInt8Field fcslen>¶
FCS length.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_TSOffsetOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_tsoffsetoptions.- tsoffset: int = <Int64Field tsoffset>¶
Timestamp offset (in seconds).
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_HardwareOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_hardwareoptions.- hardware: str = <StringField hardware>¶
Hardware information.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_TxSpeedOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_txspeedoptions.- tx_speed: int = <UInt64Field tx_speed>¶
Interface transmit speed, in bits per second.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.IF_RxSpeedOption(dict_=None, **kwargs)[source]¶
Bases:
_IF_OptionHeader schema for PCAP-NG file
if_rxspeedoptions.- rx_speed: int = <UInt64Field rx_speed>¶
Interface receive speed, in bits per second.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng._EPB_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
epb_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.EPB_FlagsOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_flagsoptions.- flags: EPBFlags = <BitField flags>¶
Flags.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EPB_HashOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_hashoptions.- func: Enum_HashAlgorithm = <EnumField func>¶
Hash algorithm.
- data: bytes = <BytesField data>¶
Hash value.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EPB_DropCountOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_dropcountoptions.- drop_count: int = <UInt64Field drop_count>¶
Number of packets dropped by the interface.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EPB_PacketIDOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_packetidoptions.- packet_id: int = <UInt64Field packet_id>¶
Packet ID.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EPB_QueueOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_queueoptions.- queue_id: int = <UInt32Field queue_id>¶
Queue ID.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EPB_VerdictOption(dict_=None, **kwargs)[source]¶
Bases:
_EPB_OptionHeader schema for PCAP-NG
epb_verdictoptions.- verdict: Enum_VerdictType = <EnumField verdict>¶
Verdict type.
- value: bytes = <BytesField value>¶
Verdict value.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng._NS_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
ns_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.NS_DNSNameOption(dict_=None, **kwargs)[source]¶
Bases:
_NS_OptionHeader schema for PCAP-NG
ns_dnsnameoption.- name: str = <StringField name>¶
DNS name.
- class pcapkit.protocols.schema.misc.pcapng.NS_DNSIP4AddrOption(dict_=None, **kwargs)[source]¶
Bases:
_NS_OptionHeader schema for PCAP-NG
ns_dnsIP4addroption.- ip: IPv4Address = <IPv4AddressField ip>¶
IPv4 address.
- class pcapkit.protocols.schema.misc.pcapng.NS_DNSIP6AddrOption(dict_=None, **kwargs)[source]¶
Bases:
_NS_OptionHeader schema for PCAP-NG
ns_dnsIP6addroption.- ip: IPv6Address = <IPv6AddressField ip>¶
IPv6 address.
- class pcapkit.protocols.schema.misc.pcapng._ISB_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
isb_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.ISB_StartTimeOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_starttimeoption.- timestamp_high: int = <UInt32Field timestamp_high>¶
Timestamp (higher 32 bits).
- timestamp_low: int = <UInt32Field timestamp_low>¶
Timestamp (lower 32 bits).
- class pcapkit.protocols.schema.misc.pcapng.ISB_EndTimeOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_endtimeoption.- timestamp_high: int = <UInt32Field timestamp_high>¶
Timestamp (higher 32 bits).
- timestamp_low: int = <UInt32Field timestamp_low>¶
Timestamp (lower 32 bits).
- class pcapkit.protocols.schema.misc.pcapng.ISB_IFRecvOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_ifrecvoption.- packets: int = <UInt64Field packets>¶
Number of packets received.
- class pcapkit.protocols.schema.misc.pcapng.ISB_IFDropOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_ifdropoption.- packets: int = <UInt64Field packets>¶
Number of packets dropped.
- class pcapkit.protocols.schema.misc.pcapng.ISB_FilterAcceptOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_filteracceptoption.- packets: int = <UInt64Field packets>¶
Number of packets accepted by filter.
- class pcapkit.protocols.schema.misc.pcapng.ISB_OSDropOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_osdropoption.- packets: int = <UInt64Field packets>¶
Number of packets dropped by OS.
- class pcapkit.protocols.schema.misc.pcapng.ISB_UsrDelivOption(dict_=None, **kwargs)[source]¶
Bases:
_ISB_OptionHeader schema for PCAP-NG
isb_usrdelivoption.- packets: int = <UInt64Field packets>¶
Number of packets delivered to user.
- class pcapkit.protocols.schema.misc.pcapng._PACK_Option(dict_=None, **kwargs)[source]¶
Bases:
OptionHeader schema for
pack_*options.- type: Enum_OptionType = <OptionEnumField type>¶
Option type.
- length: int = <UInt16Field length>¶
Option data length.
- class pcapkit.protocols.schema.misc.pcapng.PACK_FlagsOption(dict_=None, **kwargs)[source]¶
Bases:
_PACK_OptionHeader schema for PCAP-NG
pack_flagsoptions.- flags: PACKFlags = <BitField flags>¶
Flags.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.PACK_HashOption(dict_=None, **kwargs)[source]¶
Bases:
_PACK_OptionHeader schema for PCAP-NG
pack_hashoptions.- func: Enum_HashAlgorithm = <EnumField func>¶
Hash algorithm.
- data: bytes = <BytesField data>¶
Hash value.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.NameResolutionRecord(dict_=None, **kwargs)[source]¶
Bases:
EnumSchema[RecordType]Header schema for PCAP-NG NRB records.
- type: Enum_RecordType = <EnumField type>¶
Record type.
- length: int = <UInt16Field length>¶
Record value length.
- class pcapkit.protocols.schema.misc.pcapng.UnknownRecord(dict_=None, **kwargs)[source]¶
Bases:
NameResolutionRecordHeader schema for PCAP-NG NRB unknown records.
- data: bytes = <BytesField data>¶
Unknown record data.
- padding: bytes = <PaddingField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.EndRecord(dict_=None, **kwargs)[source]¶
Bases:
NameResolutionRecordHeader schema for PCAP-NG
nrb_record_endrecords.
- class pcapkit.protocols.schema.misc.pcapng.IPv4Record(dict_=None, **kwargs)[source]¶
Bases:
NameResolutionRecordHeader schema for PCAP-NG NRB
nrb_record_ipv4records.- ip: IPv4Address = <IPv4AddressField ip>¶
IPv4 address.
- resol: str = <StringField resol>¶
Name resolution data.
- padding: bytes = <PaddingField padding>¶
Padding.
- names: list[str]¶
Name resolution records.
- class pcapkit.protocols.schema.misc.pcapng.IPv6Record(dict_=None, **kwargs)[source]¶
Bases:
NameResolutionRecordHeader schema for PCAP-NG NRB
nrb_record_ipv4records.- ip: IPv6Address = <IPv6AddressField ip>¶
IPv4 address.
- resol: str = <StringField resol>¶
Name resolution data.
- padding: bytes = <PaddingField padding>¶
Padding.
- names: list[str]¶
Name resolution records.
- class pcapkit.protocols.schema.misc.pcapng.DSBSecrets(dict_=None, **kwargs)[source]¶
Bases:
EnumSchema[SecretsType]Header schema for DSB secrets data.
- class pcapkit.protocols.schema.misc.pcapng.UnknownSecrets(dict_=None, **kwargs)[source]¶
Bases:
DSBSecretsHeader schema for unknown DSB secrets data.
- data: bytes = <BytesField data>¶
Secrets data.
- class pcapkit.protocols.schema.misc.pcapng.TLSKeyLog(dict_=None, **kwargs)[source]¶
Bases:
DSBSecretsHeader schema for TLS Key Log secrets data.
- data: str = <StringField data>¶
TLS key log data.
- entries: dict[TLSKeyLabel, OrderedMultiDict[bytes, bytes]]¶
TLS Key Log entries.
- class pcapkit.protocols.schema.misc.pcapng.WireGuardKeyLog(dict_=None, **kwargs)[source]¶
Bases:
DSBSecretsHeader schema for WireGuard Key Log secrets data.
- data: str = <StringField data>¶
WireGuard key log data.
- entries: OrderedMultiDict[WireGuardKeyLabel, bytes]¶
WireGuard Key Log entries.
- class pcapkit.protocols.schema.misc.pcapng.ZigBeeNWKKey(dict_=None, **kwargs)[source]¶
Bases:
DSBSecretsHeader schema for ZigBee NWK Key and ZigBee PANID secrets data.
- key: bytes = <BytesField key>¶
AES-128 NKW key.
- panid: int = <UInt16Field panid>¶
ZigBee PANID.
- padding: bytes = <BytesField padding>¶
Padding.
- class pcapkit.protocols.schema.misc.pcapng.ZigBeeAPSKey(dict_=None, **kwargs)[source]¶
Bases:
DSBSecretsHeader schema for ZigBee APS Key secrets data.
- key: bytes = <BytesField key>¶
AES-128 APS key.
- panid: int = <UInt16Field panid>¶
ZigBee PANID.
- addr_low: int = <UInt16Field addr_low>¶
Low node short address.
- addr_high: int = <UInt16Field addr_high>¶
High node short address.
- padding: bytes = <BytesField padding>¶
Padding.
Type Stubs¶
- class pcapkit.protocols.schema.misc.pcapng.ByteorderTest[source]¶
Bases:
TypedDictTest for byteorder.
- class pcapkit.protocols.schema.misc.pcapng.ResolutionData[source]¶
Bases:
TypedDictData for resolution.
- class pcapkit.protocols.schema.misc.pcapng.EPBFlags[source]¶
Bases:
TypedDictEPB flags.
-
direction:
int¶ Inbound / Outbound packet (
00= information not available,01= inbound,10= outbound)
-
reception:
int¶ Reception type (
000= not specified,001= unicast,010= multicast,011= broadcast,100= promiscuous).
-
direction:
- class pcapkit.protocols.schema.misc.pcapng.PACKFlags[source]¶
Bases:
TypedDictPACK flags.
-
direction:
int¶ Inbound / Outbound packet (
00= information not available,01= inbound,10= outbound)
-
reception:
int¶ Reception type (
000= not specified,001= unicast,010= multicast,011= broadcast,100= promiscuous).
-
direction:
Auxiliary Functions¶
- pcapkit.protocols.schema.misc.pcapng.byteorder_callback(field, packet)[source]¶
Update byte order of PCAP-NG file.
- Parameters:
field (
NumberField) – Field instance.
- Return type:
- pcapkit.protocols.schema.misc.pcapng.shb_byteorder_callback(field, packet)[source]¶
Update byte order of PCAP-NG file for SHB.
- Parameters:
field (
NumberField) – Field instance.
- Return type:
- pcapkit.protocols.schema.misc.pcapng.pcapng_block_selector(packet)[source]¶
Selector function for
PCAPNG.blockfield.- Parameters:
pkt – Packet data.
- Return type:
- Returns:
Returns a
SchemaFieldwrappedBlockTypesubclass instance.
- pcapkit.protocols.schema.misc.pcapng.dsb_secrets_selector(packet)[source]¶
Selector function for
DecryptionSecretsBlock.secrets_datafield.- Parameters:
pkt – Packet data.
- Return type:
- Returns:
If
secrets_typeis unknown, returns aBytesFieldinstance.If
secret_typeisTLS_Key_Logand/orWireGuard_Key_Log, returns aStringFieldinstance.Otherwise, returns a
SchemaFieldwrappedDSBSecretssubclass instance.
See also
pcapkit.const.pcapng.secrets_type.Secrets_Type
Data Models¶
- class pcapkit.protocols.data.misc.pcapng.PCAPNG(dict_=None, **kwargs)[source]¶
Bases:
ProtocolData model for PCAP-NG file blocks.
- type: Enum_BlockType¶
Block type.
- length: int¶
Block total length.
- class pcapkit.protocols.data.misc.pcapng.UnknownBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for unknown PCAP-NG file blocks.
- body: bytes¶
Block body.
- class pcapkit.protocols.data.misc.pcapng.SectionHeaderBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Section Header Block (SHB).
- byteorder: Literal["big", "little"]¶
Byte order.
- version: VersionInfo¶
Version number.
- section_length: int¶
Section length.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- class pcapkit.protocols.data.misc.pcapng.InterfaceDescriptionBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Interface Description Block (IDB).
- linktype: Enum_LinkType¶
Link type.
- snaplen: int¶
Snap length.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- class pcapkit.protocols.data.misc.pcapng.EnhancedPacketBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Enhanced Packet Block (EPB).
- section_number: int¶
Section index.
- number: int¶
Frame index.
- interface_id: int¶
Interface ID.
- timestamp: dt_type¶
Timestamp (in seconds).
- timestamp_epoch: Decimal¶
Timestamp as in UNIX epoch (in seconds).
- captured_len: int¶
Captured packet length.
- original_len: int¶
Original packet length.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- protocols: str¶
Protocol chain.
- class pcapkit.protocols.data.misc.pcapng.SimplePacketBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Simple Packet Block (SPB).
- section_number: int¶
Section index.
- number: int¶
Frame index.
- original_len: int¶
Original packet length.
- captured_len: int¶
Captured packet length.
- protocols: str¶
Protocol chain.
- interface_id: int¶
Interface ID.
- timestamp: dt_type¶
Timestamp (in seconds).
- timestamp_epoch: Decimal¶
Timestamp as in UNIX epoch (in seconds).
- class pcapkit.protocols.data.misc.pcapng.NameResolutionBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Name Resolution Block (NRB).
- records: OrderedMultiDict[Enum_RecordType, NameResolutionRecord]¶
Records.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- mapping: MultiDict[IPv4Address | IPv6Address, str]¶
Name resolution mapping (IP address -> name).
- reverse_mapping: MultiDict[str, IPv4Address | IPv6Address]¶
Name resolution mapping (name -> IP address).
- class pcapkit.protocols.data.misc.pcapng.InterfaceStatisticsBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Interface Statistics Block (ISB).
- interface_id: int¶
Interface ID.
- timestamp: dt_type¶
Timestamp.
- timestamp_epoch: Decimal¶
Timestamp as in UNIX epoch (in seconds).
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- class pcapkit.protocols.data.misc.pcapng.SystemdJournalExportBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG systemd(1) Journal Export Block.
- data: tuple[OrderedMultiDict[str, str | bytes], ...]¶
Journal entry.
- class pcapkit.protocols.data.misc.pcapng.DecryptionSecretsBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Decryption Secrets Block (DSB).
- secrets_type: Enum_SecretsType¶
Secrets type.
- secrets_length: int¶
Secrets length.
- secrets_data: DSBSecrets¶
Secrets data.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- class pcapkit.protocols.data.misc.pcapng.CustomBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Custom Block (CB).
- pen: int¶
Private enterprise number.
- data: bytes¶
Custom block data (incl. data, options and padding).
- class pcapkit.protocols.data.misc.pcapng.PacketBlock(*args: VT, **kwargs: VT)[source]¶
Bases:
PCAPNGData model for PCAP-NG Packet Block (obsolete).
- section_number: int¶
Section index.
- number: int¶
Frame index.
- interface_id: int¶
Interface ID.
- drop_count: int¶
Drops count.
- timestamp: dt_type¶
Timestamp.
- timestamp_epoch: Decimal¶
Timestamp as in UNIX epoch (in seconds).
- captured_len: int¶
Captured packet length.
- original_len: int¶
Original packet length.
- options: OrderedMultiDict[Enum_OptionType, Option]¶
Options.
- protocols: str¶
Protocol chain.
- class pcapkit.protocols.data.misc.pcapng.Option(dict_=None, **kwargs)[source]¶
Bases:
DataData model for PCAP-NG file options.
- type: Enum_OptionType¶
Option type.
- length: int¶
Option data length.
- class pcapkit.protocols.data.misc.pcapng.UnknownOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for unknown PCAP-NG file options.
- data: bytes¶
Option data.
- class pcapkit.protocols.data.misc.pcapng.EndOfOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
opt_endofoptoptions.
- class pcapkit.protocols.data.misc.pcapng.CommentOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
opt_commentoptions.- comment: str¶
Comment text.
- class pcapkit.protocols.data.misc.pcapng.CustomOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
opt_customoptions.- pen: int¶
Private enterprise number (PEN).
- data: bytes¶
Custom data.
- class pcapkit.protocols.data.misc.pcapng.IF_NameOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_nameoptions.- name: str¶
Interface name.
- class pcapkit.protocols.data.misc.pcapng.IF_DescriptionOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_descriptionoptions.- description: str¶
Interface description.
- class pcapkit.protocols.data.misc.pcapng.IF_IPv4AddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_IPv4addroptions.- interface: IPv4Interface¶
IPv4 interface.
- class pcapkit.protocols.data.misc.pcapng.IF_IPv6AddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_IPv6addroptions.- interface: IPv6Interface¶
IPv6 interface.
- class pcapkit.protocols.data.misc.pcapng.IF_MACAddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_MACaddroptions.- interface: str¶
MAC address.
- class pcapkit.protocols.data.misc.pcapng.IF_EUIAddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_EUIaddroptions.- interface: str¶
EUI address.
- class pcapkit.protocols.data.misc.pcapng.IF_SpeedOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_speedoptions.- speed: int¶
Interface speed, in bits per second.
- class pcapkit.protocols.data.misc.pcapng.IF_TSResolOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_tsresoloptions.- resolution: int¶
Time stamp resolution, in units per second.
- class pcapkit.protocols.data.misc.pcapng.IF_TZoneOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_tzoneoptions.- timezone: dt_timezone¶
Time zone.
- class pcapkit.protocols.data.misc.pcapng.IF_FilterOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_filteroptions.- code: Enum_FilterType¶
Filter code.
- expression: bytes¶
Filter expression.
- class pcapkit.protocols.data.misc.pcapng.IF_OSOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_osoptions.- os: str¶
Operating system.
- class pcapkit.protocols.data.misc.pcapng.IF_FCSLenOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_fcslenoptions.- fcs_length: int¶
FCS length.
- class pcapkit.protocols.data.misc.pcapng.IF_TSOffsetOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_tsoffsetoptions.- offset: int¶
Timestamp offset (in seconds).
- class pcapkit.protocols.data.misc.pcapng.IF_HardwareOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_hardwareoptions.- hardware: str¶
Hardware information.
- class pcapkit.protocols.data.misc.pcapng.IF_TxSpeedOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_txspeedoptions.- speed: int¶
Interface transmit speed (in bits per second).
- class pcapkit.protocols.data.misc.pcapng.IF_RxSpeedOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
if_rxspeedoptions.- speed: int¶
Interface receive speed (in bits per second).
- class pcapkit.protocols.data.misc.pcapng.EPB_FlagsOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
epb_flagsoptions.- direction: PacketDirection¶
Inbound / Outbound packet.
- reception: PacketReception¶
Reception type.
- fcs_len: int¶
FCS length.
- crc_error: bool¶
Link-layer-dependent error - CRC error (bit 24).
- too_long: bool¶
Link-layer-dependent error - packet too long error (bit 25).
- too_short: bool¶
Link-layer-dependent error - packet too short error (bit 26).
- gap_error: bool¶
Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).
- unaligned_error: bool¶
Link-layer-dependent error - unaligned frame error (bit 28).
- delimiter_error: bool¶
Link-layer-dependent error - Start Frame Delimiter error (bit 29).
- preamble_error: bool¶
Link-layer-dependent error - preamble error (bit 30).
- symbol_error: bool¶
Link-layer-dependent error - symbol error (bit 31).
- class pcapkit.protocols.data.misc.pcapng.EPB_HashOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
epb_hashoptions.- algorithm: Enum_HashAlgorithm¶
Hash algorithm.
- hash: bytes¶
Hash value.
- class pcapkit.protocols.data.misc.pcapng.EPB_DropCountOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
epb_dropcountoptions.- drop_count: int¶
Number of packets dropped by the interface.
- class pcapkit.protocols.data.misc.pcapng.EPB_PacketIDOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
epb_packetidoptions.- packet_id: int¶
Packet ID.
- class pcapkit.protocols.data.misc.pcapng.EPB_QueueOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
epb_queueoptions.- queue_id: int¶
Queue ID.
- class pcapkit.protocols.data.misc.pcapng.EPB_VerdictOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
epb_verdictoptions.- verdict: Enum_VerdictType¶
Verdict type.
- value: bytes¶
Verdict value.
- class pcapkit.protocols.data.misc.pcapng.NS_DNSNameOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
ns_dnsnameoption.- name: str¶
DNS name.
- class pcapkit.protocols.data.misc.pcapng.NS_DNSIP4AddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
ns_dnsip4addroption.- ip: IPv4Address¶
IPv4 address.
- class pcapkit.protocols.data.misc.pcapng.NS_DNSIP6AddrOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
ns_dnsip6addroption.- ip: IPv6Address¶
IPv6 address.
- class pcapkit.protocols.data.misc.pcapng.ISB_StartTimeOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_starttimeoption.- timestamp: dt_type¶
Start time.
- timestamp_epoch: Decimal¶
Start time as in UNIX epoch (in seconds).
- class pcapkit.protocols.data.misc.pcapng.ISB_EndTimeOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_endtimeoption.- timestamp: dt_type¶
End time.
- timestamp_epoch: Decimal¶
End time as in UNIX epoch (in seconds).
- class pcapkit.protocols.data.misc.pcapng.ISB_IFRecvOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_ifrecvoption.- packets: int¶
Number of packets received.
- class pcapkit.protocols.data.misc.pcapng.ISB_IFDropOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_ifdropoption.- packets: int¶
Number of packets dropped.
- class pcapkit.protocols.data.misc.pcapng.ISB_FilterAcceptOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_filteracceptoption.- packets: int¶
Number of packets accepted by the filter.
- class pcapkit.protocols.data.misc.pcapng.ISB_OSDropOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_osdropoption.- packets: int¶
Number of packets dropped by the operating system.
- class pcapkit.protocols.data.misc.pcapng.ISB_UsrDelivOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
isb_usrdelivoption.- packets: int¶
Number of packets delivered to the user.
- class pcapkit.protocols.data.misc.pcapng.PACK_FlagsOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG file
pack_flagsoptions.- direction: PacketDirection¶
Inbound / Outbound packet.
- reception: PacketReception¶
Reception type.
- fcs_len: int¶
FCS length.
- crc_error: bool¶
Link-layer-dependent error - CRC error (bit 24).
- too_long: bool¶
Link-layer-dependent error - packet too long error (bit 25).
- too_short: bool¶
Link-layer-dependent error - packet too short error (bit 26).
- gap_error: bool¶
Link-layer-dependent error - wrong Inter Frame Gap error (bit 27).
- unaligned_error: bool¶
Link-layer-dependent error - unaligned frame error (bit 28).
- delimiter_error: bool¶
Link-layer-dependent error - Start Frame Delimiter error (bit 29).
- preamble_error: bool¶
Link-layer-dependent error - preamble error (bit 30).
- symbol_error: bool¶
Link-layer-dependent error - symbol error (bit 31).
- class pcapkit.protocols.data.misc.pcapng.PACK_HashOption(*args: VT, **kwargs: VT)[source]¶
Bases:
OptionData model for PCAP-NG
pack_hashoptions.- algorithm: Enum_HashAlgorithm¶
Hash algorithm.
- hash: bytes¶
Hash value.
- class pcapkit.protocols.data.misc.pcapng.NameResolutionRecord(dict_=None, **kwargs)[source]¶
Bases:
DataData model for PCAP-NG NRB records.
- type: Enum_RecordType¶
Record type.
- length: int¶
Record value length.
- class pcapkit.protocols.data.misc.pcapng.UnknownRecord(*args: VT, **kwargs: VT)[source]¶
Bases:
NameResolutionRecordData model for PCAP-NG NRB unknown records.
- data: bytes¶
Unknown record value.
- class pcapkit.protocols.data.misc.pcapng.EndRecord(*args: VT, **kwargs: VT)[source]¶
Bases:
NameResolutionRecordData model for PCAP-NG
nrb_record_endrecords.
- class pcapkit.protocols.data.misc.pcapng.IPv4Record(*args: VT, **kwargs: VT)[source]¶
Bases:
NameResolutionRecordData model for PCAP-NG
nrb_record_ipv4records.- ip: IPv4Address¶
IPv4 address.
- records: tuple[str, ...]¶
Name resolution data.
- class pcapkit.protocols.data.misc.pcapng.IPv6Record(*args: VT, **kwargs: VT)[source]¶
Bases:
NameResolutionRecordData model for PCAP-NG
nrb_record_ipv6records.- ip: IPv6Address¶
IPv6 address.
- records: tuple[str, ...]¶
Name resolution data.
- class pcapkit.protocols.data.misc.pcapng.DSBSecrets(dict_=None, **kwargs)[source]¶
Bases:
DataData model for DSB secrets data.
- class pcapkit.protocols.data.misc.pcapng.UnknownSecrets(*args: VT, **kwargs: VT)[source]¶
Bases:
DSBSecretsData model for unknown DSB secrets.
- data: bytes¶
Secrets data.
- class pcapkit.protocols.data.misc.pcapng.TLSKeyLog(*args: VT, **kwargs: VT)[source]¶
Bases:
DSBSecretsData model for TLS key log DSB secrets.
- entries: dict[TLSKeyLabel, OrderedMultiDict[bytes, bytes]]¶
TLS key log entries.
- class pcapkit.protocols.data.misc.pcapng.WireGuardKeyLog(*args: VT, **kwargs: VT)[source]¶
Bases:
DSBSecretsData model for WireGuard key DSB secrets.
- entries: OrderedMultiDict[WireGuardKeyLabel, bytes]¶
WireGuard Key Log entries.
- class pcapkit.protocols.data.misc.pcapng.ZigBeeNWKKey(*args: VT, **kwargs: VT)[source]¶
Bases:
DSBSecretsData model for ZigBEE NWK Key and ZigBee PANID secrets data.
- nwk_key: bytes¶
AES-128 NKW key.
- pan_id: int¶
PAN ID.
- class pcapkit.protocols.data.misc.pcapng.ZigBeeAPSKey(*args: VT, **kwargs: VT)[source]¶
Bases:
DSBSecretsData model for ZigBEE APS Key secrets data.
- aps_key: bytes¶
AES-128 APS key.
- pan_id: int¶
PAN ID.
- short_address: int¶
Node short address.
Footnotes