disspcap

Python API¶

Pcap¶

class Pcap¶

Holds pcap file information and provides methods for pcap manipulation.

__init__(file)¶

Parameters:	file – Path to pcap.

next_packet()¶

Returns:	Next `Packet` parsed out of pcap file.

Packet¶

class Packet¶

ethernet¶: Ethernet object or None.

ipv4¶: IPv4 object or None.

ipv6¶: IPv6 object or None.

udp¶: UDP object or None.

tcp¶: TCP object or None.

dns¶: DNS object or None.

payload_length¶: Length of payload transport protocol.

payload¶: Payload of bytes following transport protocol.

Ethernet¶

class Ethernet¶

source¶: Source MAC address. (e.g. '54:75:d0:c9:0b:81')

destination¶: Destination MAC address. (e.g. '54:75:d0:c9:0b:81')

type¶: 'IPv4', 'IPv6' or 'ARP'

IPv4¶

class IPv4¶

source¶: Source IPv4 address. (e.g. '192.168.0.1')

destination¶: Destination IPv4 address. (e.g. '192.168.0.1')

protocol¶: Next protocol. (e.g. 'TCP', 'UDP', 'IGMP'…)

header_length¶: IPv4 header length.

IPv6¶

class IPv6¶

source¶: Source IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

destination¶: Destination IPv6 address. (e.g. 'fe80::0202:b3ff:fe1e:8329')

next_header¶: Next header type. (e.g. 'TCP', 'UDP', 'IGMP'…)

UDP¶

class UDP¶

source_port¶: Source port number.

destination_port¶: Destination port number.

TCP¶

class TCP¶

source_port¶: Source port number.

destination_port¶: Destination port number.

DNS¶

class DNS¶

qr¶: 0 (Query) or 1 (Response).

question_count¶: Number of question entries.

answer_count¶: Number of answer entries.

authority_count¶: Number of entries in authoritative NS section.

additional_count¶: Number of additional resource records.

answers¶: Answer RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]

authoritatives¶: Authoritative NS RRs. List of strings formatted as: ['google.com NS ns4.google.com', ...]

additionals¶: Additional RRs. List of strings formatted as: ['google.com A 172.217.23.206', ...]