def _scapy_read_frame(self):
"""Read frames with Scapy."""
from pcapkit.toolkit.scapy import (ipv4_reassembly, ipv6_reassembly,
packet2chain, packet2dict,
tcp_reassembly, tcp_traceflow)
# fetch Scapy packet
packet = next(self._extmp)
# verbose output
self._frnum += 1
self._proto = packet2chain(packet)
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
# setattr(packet, 'packet2dict', packet2dict)
# setattr(packet, 'packet2chain', packet2chain)
self._frame.append(packet)
# record fragments
if self._ipv4:
flag, data = ipv4_reassembly(packet, count=self._frnum)
if flag:
self._reasm[0](data)
if self._ipv6:
flag, data = ipv6_reassembly(packet, count=self._frnum)
if flag:
self._reasm[1](data)
if self._tcp:
flag, data = tcp_reassembly(packet, count=self._frnum)
if flag:
self._reasm[2](data)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet, count=self._frnum)
if flag:
self._trace(data)
return packet
def _pyshark_read_frame(self):
"""Read frames."""
from pcapkit.toolkit.pyshark import packet2dict, tcp_traceflow
# fetch PyShark packet
packet = next(self._extmp)
# def _pyshark_packet2chain(packet):
# """Fetch PyShark packet protocol chain."""
# return ':'.join(map(lambda layer: layer.layer_name.upper(), packet.layers))
# verbose output
self._frnum = int(packet.number)
self._proto = packet.frame_info.protocols
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
setattr(packet, 'packet2dict', packet2dict)
self._frame.append(packet)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet)
if flag:
self._trace(data)
return packet
def _dpkt_read_frame(self):
"""Read frames."""
from pcapkit.toolkit.dpkt import (ipv4_reassembly, ipv6_reassembly,
packet2chain, packet2dict,
tcp_reassembly, tcp_traceflow)
# fetch DPKT packet
timestamp, packet = next(self._extmp)
# extract packet
if self._dlink.value == 1:
packet = self._expkg.ethernet.Ethernet(packet)
elif self._dlink.value == 228:
packet = self._expkg.ip.IP(packet)
elif self._dlink.value == 229:
packet = self._expkg.ip6.IP6(packet)
else:
warnings.warn(
'unrecognised link layer protocol; all analysis functions ignored',
DPKTWarning,
stacklevel=stacklevel())
self._frnum += 1
if self._flag_d:
self._frame.append(packet)
return packet
# verbose output
self._frnum += 1
self._proto = packet2chain(packet)
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet, timestamp, data_link=self._dlink)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
setattr(packet, 'packet2dict', packet2dict)
setattr(packet, 'packet2chain', packet2chain)
self._frame.append(packet)
# record fragments
if self._ipv4:
flag, data = ipv4_reassembly(packet, count=self._frnum)
if flag:
self._reasm[0](data)
if self._ipv6:
flag, data = ipv6_reassembly(packet, count=self._frnum)
if flag:
self._reasm[1](data)
if self._tcp:
flag, data = tcp_reassembly(packet, count=self._frnum)
if flag:
self._reasm[2](data)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet,
timestamp,
data_link=self._dlink,
count=self._frnum)
if flag:
self._trace(data)
return packet
