disspcap

Python API¶

Pcap¶

class Pcap¶

Holds pcap file information and provides methods for pcap manipulation.

__init__(file)¶

Parameters:	file – Path to pcap.

next_packet()¶

Returns:	Next `Packet` parsed out of pcap file.

Packet¶

class Packet¶

ethernet¶: Ethernet object or None.

ipv4¶: IPv4 object or None.

ipv6¶: IPv6 object or None.

udp¶: UDP object or None.

tcp¶: TCP object or None.

dns¶: DNS object or None.

irc¶: IRC object or None.

telnet¶: Telnet object or None.

http¶: HTTP object or None.

payload_length¶: Length of payload transport protocol.

payload¶: Payload of bytes following transport protocol.

Ethernet¶

class Ethernet¶

source¶: Source MAC address. (e.g. '54:75:d0:c9:0b:81')

destination¶: Destination MAC address. (e.g. '54:75:d0:c9:0b:81')

type¶: 'IPv4', 'IPv6' or 'ARP'

IPv4¶

class IPv4¶

source¶: Source IPv4 address. (e.g. '192.168.0.1')

destination¶: Destination IPv4 address. (e.g. '192.168.0.1')

protocol¶: Next protocol. (e.g. 'TCP', 'UDP', 'IGMP'…)

header_length¶: IPv4 header length.

IPv6¶

class IPv6¶

source¶: Source IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

destination¶: Destination IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

next_header¶: Next header type. (e.g. 'TCP', 'UDP', 'IGMP'…)

UDP¶

class UDP¶

source_port¶: Source port number.

destination_port¶: Destination port number.

TCP¶

class TCP¶

source_port¶: Source port number.

destination_port¶: Destination port number.

DNS¶

class DNS¶

qr¶: 0 (Query) or 1 (Response).

question_count¶: Number of question entries.

answer_count¶: Number of answer entries.

authority_count¶: Number of entries in authoritative NS section.

additional_count¶: Number of additional resource records.

answers¶: Answer RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]

authoritatives¶: Authoritative NS RRs. List of strings formatted as: ['google.com NS ns4.google.com', ...]

additionals¶: Additional RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]

IRC¶

class IRC¶

messages¶: List of IRC messages.

class irc_message¶

prefix¶: Message prefix.

command¶: IRC command.

params¶: Command’s parameters.

trailing¶: Trailing parameter.

Telnet¶

class Telnet¶

is_command¶: True if Telnet packet is a command.

is_data¶: True if Telnet packet contains message data.

data¶: Captured Telnet data.

HTTP¶

class HTTP¶

is_request¶: True if packet is an HTTP request.

is_response¶: True if packet is an HTTP response.

non_ascii¶: True if packet contains non ascii symbols in HTTP header.

request_method¶: Request method type (e.g. GET).

request_uri¶: Request URI value.

version¶: HTTP version value (e.g. 'HTTP/1.1')

response_phrase¶: Reponse phrase value.

status_code¶: String containing status code.

headers¶: Dictionary with HTTP headers values.

body¶: HTTP body data (bytes).

body_length¶: Length of the data.