Python API

Pcap

class Pcap

Holds pcap file information and provides methods for pcap manipulation.

__init__(file)
Parameters: file – Path to pcap.
next_packet()
Returns: Next Packet parsed out of pcap file.

Packet

class Packet
ethernet

Ethernet object or None.

ipv4

IPv4 object or None.

ipv6

IPv6 object or None.

udp

UDP object or None.

tcp

TCP object or None.

dns

DNS object or None.

payload_length

Length of the payload following the transport protocol.

payload

Payload bytes following the transport protocol.

Ethernet

class Ethernet
source

Source MAC address. (e.g. '54:75:d0:c9:0b:81')

destination

Destination MAC address. (e.g. '54:75:d0:c9:0b:81')

type

'IPv4', 'IPv6' or 'ARP'

IPv4

class IPv4
source

Source IPv4 address. (e.g. '192.168.0.1')

destination

Destination IPv4 address. (e.g. '192.168.0.1')

protocol

Next protocol. (e.g. 'TCP', 'UDP', 'IGMP'…)

header_length

IPv4 header length.

IPv6

class IPv6
source

Source IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

destination

Destination IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

next_header

Next header type. (e.g. 'TCP', 'UDP', 'IGMP'…)

UDP

class UDP
source_port

Source port number.

destination_port

Destination port number.

TCP

class TCP
source_port

Source port number.

destination_port

Destination port number.

DNS

class DNS
qr

0 (Query) or 1 (Response).

question_count

Number of question entries.

answer_count

Number of answer entries.

authority_count

Number of entries in authoritative NS section.

additional_count

Number of additional resource records.

answers

Answer RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]

authoritatives

Authoritative NS RRs. List of strings formatted as: ['google.com NS ns4.google.com', ...]

additionals

Additional RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]
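
The following is an added example, not code from this project: it walks a capture through next_packet() and builds a passive-DNS map from the documented qr, answers, ipv4 and ipv6 attributes. It assumes next_packet() returns None at end of file (the page does not say), and because the page does not name the import module it runs against a hypothetical FakePcap stand-in with constructed packets.

```python
from collections import defaultdict
from types import SimpleNamespace as NS


def passive_dns(pcap):
    """Map each answered name to the set of (type, value, responder IP) seen.

    Assumption: next_packet() returns None once the capture is exhausted.
    """
    seen = defaultdict(set)
    while True:
        pkt = pcap.next_packet()
        if pkt is None:
            break
        dns = pkt.dns
        if dns is None or dns.qr != 1:       # keep DNS responses only
            continue
        ip = pkt.ipv4 or pkt.ipv6            # either attribute may be None
        responder = ip.source if ip else None
        for rr in dns.answers:
            parts = rr.split(None, 2)        # documented form: 'name TYPE value'
            if len(parts) != 3:              # skip strings that do not fit it
                continue
            name, rtype, value = parts
            seen[name.lower()].add((rtype, value, responder))
    return dict(seen)


class FakePcap:
    """Hypothetical stand-in exposing the documented next_packet() method."""
    def __init__(self, packets):
        self._it = iter(packets)

    def next_packet(self):
        return next(self._it, None)


def _pkt(src, qr, answers, v6=False):
    ip = NS(source=src, destination="192.168.0.1")
    dns = NS(qr=qr, answer_count=len(answers), answers=answers)
    return NS(ipv4=None if v6 else ip, ipv6=ip if v6 else None, dns=dns)


# Constructed sample packets, not taken from a real capture.
SAMPLE = [
    _pkt("192.168.0.1", 0, []),
    _pkt("192.168.0.53", 1, ["google.com A 172.217.23.206"]),
    _pkt("fe80::0202:b3ff:fe1e:8329", 1, ["Google.com A 172.217.23.206", "garbled"], v6=True),
    NS(ipv4=NS(source="192.168.0.1"), ipv6=None, dns=None),
]
```

With a real capture, pass the Pcap object in place of FakePcap; the same name answered by several responders is a useful starting point when checking which resolvers clients actually use.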