3rd-Party Support¶

Scapy Tools¶

pcapkit.toolkit.scapy contains all you need for pcapkit handy usage with Scapy engine. All reforming functions returns with a flag to indicate if usable for its caller.

Warning

This module requires installed Scapy engine.

pcapkit.toolkit.scapy.ipv4_reassembly(packet, *, count=-1)[source]¶

Make data for IPv4 reassembly.

Parameters:

packet (Packet) – Scapy packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv4Address] | None

Returns:

Data for IPv4 reassembly.

If the packet can be used for IPv4 reassembly. A packet can be reassembled if it contains IPv4 layer (scapy.layers.inet.IP) and the DF (scapy.layers.inet.IP.flags.DF) flag is False.
If the packet can be reassembled, then the dict mapping of data for IPv4 reassembly (reasm.ipv4.packet) will be returned; otherwise, returns None.

pcapkit.toolkit.scapy.ipv6_reassembly(packet, *, count=-1)[source]¶

Make data for IPv6 reassembly.

Parameters:

packet (Packet) – Scapy packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv6Address] | None

Returns:

Data for IPv6 reassembly.

If the packet can be used for IPv6 reassembly. A packet can be reassembled if it contains IPv6 layer (scapy.layers.inet6.IPv6) and IPv6 Fragment header (RFC 2460#section-4.5, i.e., scapy.layers.inet6.IPv6ExtHdrFragment).
If the packet can be reassembled, then the dict mapping of data for IPv6 reassembly (reasm.ipv6.packet) will be returned; otherwise, returns None.

Raises:

ModuleNotFound – If Scapy is not installed.

pcapkit.toolkit.scapy.tcp_reassembly(packet, *, count=-1)[source]¶

Store data for TCP reassembly.

Parameters:

packet (Packet) – Scapy packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

If the packet can be used for TCP reassembly. A packet can be reassembled if it contains TCP layer (scapy.layers.inet.TCP).
If the packet can be reassembled, then the dict mapping of data for TCP reassembly (reasm.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.tcp.TCP

pcapkit.toolkit.scapy.tcp_traceflow(packet, *, count=-1)[source]¶

Trace packet flow for TCP.

Parameters:

packet (Packet) – Scapy packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer (scapy.layers.inet.TCP).
If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions¶

pcapkit.toolkit.scapy.packet2chain(packet)[source]¶

Fetch Scapy packet protocol chain.

Parameters:: packet (Packet) – Scapy packet.
Return type:: str
Returns:: Colon (:) seperated list of protocol chain.
Raises:: ModuleNotFound – If Scapy is not installed.

pcapkit.toolkit.scapy.packet2dict(packet)[source]¶

Convert Scapy packet into dict.

Parameters:: packet (Packet) – Scapy packet.
Return type:: dict[str, Any]
Returns:: A dict mapping of packet data.
Raises:: ModuleNotFound – If Scapy is not installed.

DPKT Tools¶

pcapkit.toolkit.dpkt contains all you need for pcapkit handy usage with DPKT engine. All reforming functions returns with a flag to indicate if usable for its caller.

pcapkit.toolkit.dpkt.ipv4_reassembly(packet, *, count=-1)[source]¶

Make data for IPv4 reassembly.

Parameters:

packet (Packet) – DPKT packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv4Address] | None

Returns:

Data for IPv4 reassembly.

If the packet can be used for IPv4 reassembly. A packet can be reassembled if it contains IPv4 layer (dpkt.ip.IP) and the DF (dpkt.ip.IP.df) flag is False.
If the packet can be reassembled, then the dict mapping of data for IPv4 reassembly (reasm.ipv4.packet) will be returned; otherwise, returns None.

pcapkit.toolkit.dpkt.ipv6_reassembly(packet, *, count=-1)[source]¶

Make data for IPv6 reassembly.

Parameters:

packet (Packet) – DPKT packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv6Address] | None

Returns:

Data for IPv6 reassembly.

If the packet can be used for IPv6 reassembly. A packet can be reassembled if it contains IPv6 layer (dpkt.ip6.IP6) and IPv6 Fragment header (RFC 2460#section-4.5, i.e., dpkt.ip6.IP6FragmentHeader).
If the packet can be reassembled, then the dict mapping of data for IPv6 reassembly (reasm.ipv6.packet) will be returned; otherwise, returns None.

pcapkit.toolkit.dpkt.tcp_reassembly(packet, *, count=-1)[source]¶

Make data for TCP reassembly.

Parameters:

packet (Packet) – DPKT packet.
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

If the packet can be used for TCP reassembly. A packet can be reassembled if it contains TCP layer (dpkt.tcp.TCP).
If the packet can be reassembled, then the dict mapping of data for TCP reassembly (reasm.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.tcp.TCP

pcapkit.toolkit.dpkt.tcp_traceflow(packet, timestamp, *, data_link, count=-1)[source]¶

Trace packet flow for TCP.

Parameters:

packet (Packet) – DPKT packet.
timestamp (float) – Timestamp of the packet.
data_link (LinkType) – Data link layer protocol (from global header).
count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer (dpkt.tcp.TCP).
If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions¶

pcapkit.toolkit.dpkt.ipv6_hdr_len(ipv6)[source]¶

Calculate length of headers before IPv6 Fragment header.

Parameters:: ipv6 (IP6) – DPKT IPv6 packet.
Return type:: int
Returns:: Length of headers before IPv6 Fragment header dpkt.ip6.IP6FragmentHeader (RFC 2460#section-4.5).

As specified in RFC 2460#section-4.1, such headers (before the IPv6 Fragment Header) includes Hop-by-Hop Options header dpkt.ip6.IP6HopOptsHeader (RFC 2460#section-4.3), Destination Options header dpkt.ip6.IP6DstOptHeader (RFC 2460#section-4.6) and Routing header dpkt.ip6.IP6RoutingHeader (RFC 2460#section-4.4).

pcapkit.toolkit.dpkt.packet2chain(packet)[source]¶

Fetch DPKT packet protocol chain.

Parameters:: packet (Packet) – DPKT packet.
Return type:: str
Returns:: Colon (:) seperated list of protocol chain.

pcapkit.toolkit.dpkt.packet2dict(packet, timestamp, *, data_link)[source]¶

Convert DPKT packet into dict.

Parameters:

packet (Packet) – Scapy packet.
timestamp (float) – Timestamp of packet.
data_link (LinkType) – Data link type.

Returns:

A dict mapping of packet data.

Return type:

Dict[str, Any]

PyShark Tools¶

pcapkit.toolkit.pyshark contains all you need for pcapkit handy usage with PyShark engine. All reforming functions returns with a flag to indicate if usable for its caller.

Note

Due to the lack of functionality of PyShark, some functions of pcapkit may not be available with the PyShark engine.

pcapkit.toolkit.pyshark.tcp_traceflow(packet)[source]¶

Trace packet flow for TCP.

Parameters:

packet (Packet) – Scapy packet.

Returns:

A tuple of data for TCP reassembly.

If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer.
If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

Return type:

Tuple[bool, Dict[str, Any]]

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions¶

pcapkit.toolkit.pyshark.packet2dict(packet)[source]¶

Convert PyShark packet into dict.

Parameters:: packet (Packet) – Scapy packet.
Return type:: dict[str, Any]
Returns:: A dict mapping of packet data.