netzob.Import.PCAPImporter package

Submodules

netzob.Import.PCAPImporter.PCAPImporter module

class PCAPImporter

Bases: object

PCAP importer that reads pcap files and extracts messages from them. We recommend using the static methods:

  • PCAPImporter.readFiles(...)
  • PCAPImporter.readFile(...)

Refer to their documentation for an overview of the required parameters.

INVALID_BPF_FILTER = 0
INVALID_LAYER2 = 1
INVALID_LAYER3 = 2
INVALID_LAYER4 = 3
PROTOCOL201 = 201

static getMessageDetails(*args, **kwargs)

Decode a raw network message and print the content of each encapsulated layer.

Parameters:
  • filePathList (a list of str) – the messages to cluster.
  • bpfFilter (str) – a string representing a BPF filter.
  • importLayer (int) – an integer representing the protocol layer to start importing.

static readFile(*args, **kwargs)

Read all messages from the specified PCAP file. A BPF filter can be set to limit the captured packets. The import layer (importLayer) can also be specified:

  • When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
  • If layer=3, we capture at the network level (such as IP).
  • If layer=4, we capture at the transport layer (such as TCP or UDP).
  • If layer=5, we capture at the application layer (such as the TCP or UDP payload).

Finally, the number of packets to capture can be specified.

Parameters:
  • filePath (str) – the pcap path
  • bpfFilter (str) – a string representing a BPF filter.
  • importLayer (int) – an integer representing the protocol layer to start importing.
  • nbPackets (int) – the number of packets to import
Returns:

a list of captured messages

Return type:

a list of netzob.Common.Models.Vocabulary.Messages.AbstractMessage
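To make the importLayer and nbPackets parameters concrete, the following added example (not Netzob code) slices a constructed Ethernet/IPv4/UDP capture at each layer using only the standard library. It assumes that importing at layer N keeps the bytes from that layer's header onward and that nb_packets=0 means no limit; slice_layer, read_pcap and build_sample are hypothetical names, and Netzob's own slicing may differ.

```python
import struct

ETH_LEN = 14  # Ethernet II header, no VLAN tag

def slice_layer(frame, import_layer):
    """Bytes from the requested layer onward (assumed semantics); None if absent."""
    if import_layer in (1, 2):
        return frame                              # raw Ethernet frame
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None                               # too short or not IPv4
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length
    total = struct.unpack("!H", ip[2:4])[0]       # excludes Ethernet padding
    if ihl < 20 or total < ihl or total > len(ip):
        return None                               # malformed or truncated
    ip = ip[:total]
    if import_layer == 3:
        return ip
    proto, l4 = ip[9], ip[ihl:]
    if proto == 17 and len(l4) >= 8:              # UDP: fixed 8-byte header
        hdr = 8
    elif proto == 6 and len(l4) >= 20:            # TCP: data offset field
        hdr = (l4[12] >> 4) * 4
    else:
        return None                               # no TCP/UDP layer present
    return l4 if import_layer == 4 else l4[hdr:]

def read_pcap(blob, import_layer=5, nb_packets=0):
    """Walk a classic little-endian pcap; nb_packets=0 (assumed) = no limit."""
    if struct.unpack("<I", blob[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    out, off = [], 24                             # skip 24-byte global header
    while off + 16 <= len(blob) and (nb_packets == 0 or len(out) < nb_packets):
        caplen = struct.unpack("<I", blob[off + 8:off + 12])[0]
        msg = slice_layer(blob[off + 16:off + 16 + caplen], import_layer)
        if msg is not None:
            out.append(msg)
        off += 16 + caplen
    return out

def build_sample():
    """Constructed capture: two identical UDP datagrams carrying b'HELLO'."""
    udp = struct.pack("!HHHH", 4000, 5000, 8 + 5, 0) + b"HELLO"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + b"\x00" * 13
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return hdr + rec + rec
```

The sample frame is padded to 60 bytes, so the layer 3 slice relies on the IPv4 total-length field to drop the Ethernet padding before the UDP payload is extracted.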

static readFiles(*args, **kwargs)

Read all messages from a list of PCAP files. A BPF filter can be set to limit the captured packets. The import layer (importLayer) can also be specified:

  • When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
  • If layer=3, we capture at the network level (such as IP).
  • If layer=4, we capture at the transport layer (such as TCP or UDP).
  • If layer=5, we capture at the application layer (such as the TCP or UDP payload).

Finally, the number of packets to capture can be specified.

Parameters:
  • filePathList (a list of str) – a list of pcap files to read
  • bpfFilter (str) – a string representing a BPF filter.
  • importLayer (int) – an integer representing the protocol layer to start importing.
  • nbPackets (int) – the number of packets to import
Returns:

a list of captured messages

Return type:

a list of netzob.Common.Models.Vocabulary.Messages.AbstractMessage

readMessages(*args, **kwargs)

Read all messages from a list of PCAP files. A BPF filter can be set to limit the captured packets. The import layer (importLayer) can also be specified:

  • When layer={1, 2}, it means we want to capture a raw layer (such as Ethernet).
  • If layer=3, we capture at the network level (such as IP).
  • If layer=4, we capture at the transport layer (such as TCP or UDP).
  • If layer=5, we capture at the application layer (such as the TCP or UDP payload).

Finally, the number of packets to capture can be specified.

Parameters:
  • filePathList (a list of str) – the messages to cluster.
  • bpfFilter (str) – a string representing a BPF filter.
  • importLayer (int) – an integer representing the protocol layer to start importing.
  • nbPackets (int) – the number of packets to import
Returns:

a list of captured messages

Return type:

a list of netzob.Common.Models.Vocabulary.Messages.AbstractMessage

netzob.Import.PCAPImporter.all module

Module contents