3rd-Party Support#

Scapy Tools#

pcapkit.toolkit.scapy contains all you need for pcapkit handy usage with Scapy engine. All reforming functions returns with a flag to indicate if usable for its caller.

Warning

This module requires installed Scapy engine.

pcapkit.toolkit.scapy.ipv4_reassembly(packet, *, count=-1)[source]#

Make data for IPv4 reassembly.

Parameters:

  • packet (Packet) – Scapy packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv4Address] | None

Returns:

Data for IPv4 reassembly.

  • If the packet can be used for IPv4 reassembly. A packet can be reassembled if it contains IPv4 layer (scapy.layers.inet.IP) and the DF (scapy.layers.inet.IP.flags.DF) flag is False.

  • If the packet can be reassembled, then the dict mapping of data for IPv4 reassembly (reasm.ipv4.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.ipv4.IPv4

pcapkit.toolkit.scapy.ipv6_reassembly(packet, *, count=-1)[source]#

Make data for IPv6 reassembly.

Parameters:

  • packet (Packet) – Scapy packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv6Address] | None

Returns:

Data for IPv6 reassembly.

Raises:

ModuleNotFound – If Scapy is not installed.

See also

pcapkit.foundation.reassembly.ipv6.IPv6

pcapkit.toolkit.scapy.tcp_reassembly(packet, *, count=-1)[source]#

Store data for TCP reassembly.

Parameters:

  • packet (Packet) – Scapy packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

  • If the packet can be used for TCP reassembly. A packet can be reassembled if it contains TCP layer (scapy.layers.inet.TCP).

  • If the packet can be reassembled, then the dict mapping of data for TCP reassembly (reasm.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.tcp.TCP

pcapkit.toolkit.scapy.tcp_traceflow(packet, *, count=-1)[source]#

Trace packet flow for TCP.

Parameters:

  • packet (Packet) – Scapy packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

  • If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer (scapy.layers.inet.TCP).

  • If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions#

pcapkit.toolkit.scapy.packet2chain(packet)[source]#

Fetch Scapy packet protocol chain.

Parameters:

packet (Packet) – Scapy packet.

Return type:

str

Returns:

Colon (:) seperated list of protocol chain.

Raises:

ModuleNotFound – If Scapy is not installed.

pcapkit.toolkit.scapy.packet2dict(packet)[source]#

Convert Scapy packet into dict.

Parameters:

packet (Packet) – Scapy packet.

Return type:

dict[str, Any]

Returns:

A dict mapping of packet data.

Raises:

ModuleNotFound – If Scapy is not installed.

DPKT Tools#

pcapkit.toolkit.dpkt contains all you need for pcapkit handy usage with DPKT engine. All reforming functions returns with a flag to indicate if usable for its caller.

pcapkit.toolkit.dpkt.ipv4_reassembly(packet, *, count=-1)[source]#

Make data for IPv4 reassembly.

Parameters:

  • packet (Packet) – DPKT packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv4Address] | None

Returns:

Data for IPv4 reassembly.

  • If the packet can be used for IPv4 reassembly. A packet can be reassembled if it contains IPv4 layer (dpkt.ip.IP) and the DF (dpkt.ip.IP.df) flag is False.

  • If the packet can be reassembled, then the dict mapping of data for IPv4 reassembly (reasm.ipv4.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.ipv4.IPv4

pcapkit.toolkit.dpkt.ipv6_reassembly(packet, *, count=-1)[source]#

Make data for IPv6 reassembly.

Parameters:

  • packet (Packet) – DPKT packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet[IPv6Address] | None

Returns:

Data for IPv6 reassembly.

See also

pcapkit.foundation.reassembly.ipv6.IPv6

pcapkit.toolkit.dpkt.tcp_reassembly(packet, *, count=-1)[source]#

Make data for TCP reassembly.

Parameters:

  • packet (Packet) – DPKT packet.

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

  • If the packet can be used for TCP reassembly. A packet can be reassembled if it contains TCP layer (dpkt.tcp.TCP).

  • If the packet can be reassembled, then the dict mapping of data for TCP reassembly (reasm.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.reassembly.tcp.TCP

pcapkit.toolkit.dpkt.tcp_traceflow(packet, timestamp, *, data_link, count=-1)[source]#

Trace packet flow for TCP.

Parameters:

  • packet (Packet) – DPKT packet.

  • timestamp (float) – Timestamp of the packet.

  • data_link (LinkType) – Data link layer protocol (from global header).

  • count (int) – Packet index. If not provided, default to -1.

Return type:

Packet | None

Returns:

Data for TCP reassembly.

  • If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer (dpkt.tcp.TCP).

  • If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions#

pcapkit.toolkit.dpkt.ipv6_hdr_len(ipv6)[source]#

Calculate length of headers before IPv6 Fragment header.

Parameters:

ipv6 (IP6) – DPKT IPv6 packet.

Return type:

int

Returns:

Length of headers before IPv6 Fragment header dpkt.ip6.IP6FragmentHeader (RFC 2460#section-4.5).

As specified in RFC 2460#section-4.1, such headers (before the IPv6 Fragment Header) includes Hop-by-Hop Options header dpkt.ip6.IP6HopOptsHeader (RFC 2460#section-4.3), Destination Options header dpkt.ip6.IP6DstOptHeader (RFC 2460#section-4.6) and Routing header dpkt.ip6.IP6RoutingHeader (RFC 2460#section-4.4).

pcapkit.toolkit.dpkt.packet2chain(packet)[source]#

Fetch DPKT packet protocol chain.

Parameters:

packet (Packet) – DPKT packet.

Return type:

str

Returns:

Colon (:) seperated list of protocol chain.

pcapkit.toolkit.dpkt.packet2dict(packet, timestamp, *, data_link)[source]#

Convert DPKT packet into dict.

Parameters:

  • packet (Packet) – Scapy packet.

  • timestamp (float) – Timestamp of packet.

  • data_link (LinkType) – Data link type.

Returns:

A dict mapping of packet data.

Return type:

Dict[str, Any]

PyShark Tools#

pcapkit.toolkit.pyshark contains all you need for pcapkit handy usage with PyShark engine. All reforming functions returns with a flag to indicate if usable for its caller.

Note

Due to the lack of functionality of PyShark, some functions of pcapkit may not be available with the PyShark engine.

pcapkit.toolkit.pyshark.tcp_traceflow(packet)[source]#

Trace packet flow for TCP.

Parameters:

packet (Packet) – Scapy packet.

Returns:

A tuple of data for TCP reassembly.

  • If the packet can be used for TCP flow tracing. A packet can be reassembled if it contains TCP layer.

  • If the packet can be reassembled, then the dict mapping of data for TCP flow tracing (trace.tcp.packet) will be returned; otherwise, returns None.

Return type:

Tuple[bool, Dict[str, Any]]

See also

pcapkit.foundation.traceflow.tcp.TCP

Auxiliary Functions#

pcapkit.toolkit.pyshark.packet2dict(packet)[source]#

Convert PyShark packet into dict.

Parameters:

packet (Packet) – Scapy packet.

Return type:

dict[str, Any]

Returns:

A dict mapping of packet data.