コード例 #1
ファイル: pyshark.py プロジェクト: 5l1v3r1/PyPCAPKit
def tcp_traceflow(packet):
    """Build the TCP flow-tracing record for a PyShark packet.

    Args:
        packet (pyshark.packet.packet.Packet): PyShark packet.

    Returns:
        Tuple[bool, Optional[Dict[str, Any]]]: ``(True, record)`` when
        ``'TCP' in packet`` holds, where ``record`` is the :obj:`dict` of
        flow-tracing data (:term:`tcp.trace`); ``(False, None)`` otherwise.

    Raises:
        ValueError: Propagated from :func:`int` or
            :func:`ipaddress.ip_address` when a dissected field does not
            parse. Capture contents are untrusted input, so callers that
            process arbitrary captures should be ready for this.

    See Also:
        :class:`~pcapkit.foundation.traceflow.TraceFlow`

    """
    # Guard clause: anything without a TCP layer cannot be traced.
    if 'TCP' not in packet:
        return False, None

    # IPv6 is assumed whenever the packet has no 'IP' layer.
    network = packet.ip if 'IP' in packet else packet.ipv6
    segment = packet.tcp

    record = {
        # link type looked up from the name of the outermost layer
        'protocol': LINKTYPE.get(packet.layers[0].layer_name.upper()),
        # frame number
        'index': int(packet.number),
        # extracted packet
        'frame': packet2dict(packet),
        # TCP synchronise (SYN) flag; the field is converted via int() first
        'syn': bool(int(segment.flags_syn)),
        # TCP finish (FIN) flag
        'fin': bool(int(segment.flags_fin)),
        # source / destination IP as ipaddress objects
        'src': ipaddress.ip_address(network.src),
        'dst': ipaddress.ip_address(network.dst),
        # TCP source / destination port
        'srcport': int(segment.srcport),
        'dstport': int(segment.dstport),
        # timestamp, passed through unconverted from frame_info.time_epoch
        'timestamp': packet.frame_info.time_epoch,
    }
    return True, record
コード例 #2
    def _read_protos(self, size):
        """Read next layer protocol type.

        Arguments:
            size (int): buffer size; not consulted here, the read below is
                always 4 units wide.

        Returns:
            The result of ``LINKTYPE.get`` for the value read, documented
            upstream as a ``pcapkit.const.reg.linktype.LinkType`` member.

        """
        # The value comes straight from the capture file, so it is
        # attacker-controlled when parsing untrusted captures.
        # NOTE(review): what LINKTYPE.get returns for an unregistered value
        # is not visible here -- confirm callers handle that case.
        link_value = self._read_unpack(4, lilendian=True)
        return LINKTYPE.get(link_value)
コード例 #3
ファイル: header.py プロジェクト: lorenzatoandrea/PyPCAPKit
    def _read_protos(self, size):
        """Read next layer protocol type.

        Positional arguments:
            * size  -- int, buffer size (unused; 4 is always passed to the reader)

        Returns:
            * result of ``LINKTYPE.get`` for the value read
              (described upstream as the link layer protocol name)

        """
        # NOTE(review): the looked-up value is read from the capture itself;
        # presumably unknown values fall back to a default inside
        # LINKTYPE.get -- verify before trusting the result downstream.
        return LINKTYPE.get(self._read_unpack(4, lilendian=True))
コード例 #4
ファイル: scapy.py プロジェクト: lorenzatoandrea/PyPCAPKit
def tcp_traceflow(packet, *, count=NotImplemented):
    """Trace packet flow for TCP.

    Returns ``(True, record)`` when ``'TCP' in packet`` holds, where
    ``record`` is the flow-tracing mapping built below, and
    ``(False, None)`` otherwise. ``count`` is stored unchanged as the
    record's ``index``.
    """
    if 'TCP' not in packet:
        return False, None

    # Fall back to the IPv6 layer whenever no 'IP' layer is present.
    network = packet['IP'] if 'IP' in packet else packet['IPv6']
    segment = packet['TCP']

    record = {
        # link type looked up from the packet's own (outermost) layer name
        'protocol': LINKTYPE.get(packet.name.upper()),
        # frame number, exactly as supplied by the caller
        'index': count,
        # extracted packet
        'frame': packet2dict(packet),
        # TCP synchronise (SYN) / finish (FIN) flags
        'syn': bool(segment.flags.S),
        'fin': bool(segment.flags.F),
        # source / destination IP as ipaddress objects (ValueError if unparseable)
        'src': ipaddress.ip_address(network.src),
        'dst': ipaddress.ip_address(network.dst),
        # TCP source / destination port
        'srcport': segment.sport,
        'dstport': segment.dport,
        # NOTE(review): wall-clock time at processing, not the capture time;
        # for offline captures this will not match when the packet was seen.
        # Scapy exposes the capture time as ``packet.time`` -- confirm which
        # one consumers of the trace expect.
        'timestamp': time.time(),
    }
    return True, record
コード例 #5
def tcp_traceflow(packet, *, count=NotImplemented):
    """Collect the data needed to trace a TCP flow from a Scapy packet.

    Args:
        packet (scapy.packet.Packet): Scapy packet.

    Keyword Args:
        count (int): Packet index, stored as ``index`` in the result.
            Defaults to ``NotImplemented``.

    Returns:
        Tuple[bool, Optional[Dict[str, Any]]]: ``(True, record)`` when
        ``'TCP' in packet`` holds, where ``record`` is the ``dict`` of
        flow-tracing data (:term:`tcp.trace`); ``(False, None)`` otherwise.

    Raises:
        ValueError: Propagated from :func:`ipaddress.ip_address` when an
            address field does not parse.

    See Also:
        :class:`~pcapkit.foundation.traceflow.TraceFlow`

    """
    has_tcp = 'TCP' in packet
    if not has_tcp:
        return False, None

    # No 'IP' layer means the IPv6 layer is used instead.
    if 'IP' in packet:
        ip_layer = packet['IP']
    else:
        ip_layer = packet['IPv6']
    tcp_layer = packet['TCP']

    # Values are computed in the same order the record lists them.
    link_type = LINKTYPE.get(packet.name.upper())   # from the outermost layer name
    extracted = packet2dict(packet)                 # extracted packet
    syn_flag = bool(tcp_layer.flags.S)              # TCP synchronise (SYN) flag
    fin_flag = bool(tcp_layer.flags.F)              # TCP finish (FIN) flag
    source = ipaddress.ip_address(ip_layer.src)     # source IP
    target = ipaddress.ip_address(ip_layer.dst)     # destination IP
    source_port = tcp_layer.sport                   # TCP source port
    target_port = tcp_layer.dport                   # TCP destination port
    # NOTE(review): this is the time of processing, not of capture, so flows
    # rebuilt from a saved capture carry misleading timestamps. Scapy keeps
    # the capture time in ``packet.time`` -- confirm which is intended.
    seen_at = time.time()

    return True, dict(
        protocol=link_type,
        index=count,
        frame=extracted,
        syn=syn_flag,
        fin=fin_flag,
        src=source,
        dst=target,
        srcport=source_port,
        dstport=target_port,
        timestamp=seen_at,
    )