def tcp_traceflow(packet):
    """Extract the TCP flow-tracing record from a PyShark packet.

    Args:
        packet (pyshark.packet.packet.Packet): PyShark packet.

    Returns:
        Tuple[bool, Optional[Dict[str, Any]]]: A 2-tuple.

        * Whether the ``packet`` can be used for TCP flow tracing, i.e.
          whether it contains a TCP layer.
        * When it does, the :obj:`dict` of data for TCP flow tracing
          (:term:`tcp.trace`); otherwise :data:`None`.

    See Also:
        :class:`~pcapkit.foundation.traceflow.TraceFlow`

    """
    # Guard clause: nothing to trace without a TCP layer.
    if 'TCP' not in packet:
        return False, None

    # Use the IPv4 layer when present; otherwise read ``packet.ipv6``.
    ip_layer = packet.ip if 'IP' in packet else packet.ipv6
    tcp_layer = packet.tcp

    # Every field below is read from the capture, i.e. from untrusted input.
    # int() and ipaddress.ip_address() raise ValueError on values they cannot
    # parse, and nothing in this function catches that.
    info = {
        # data link type, looked up from the first layer's upper-cased name
        'protocol': LINKTYPE.get(packet.layers[0].layer_name.upper()),
        # frame number
        'index': int(packet.number),
        # extracted packet
        'frame': packet2dict(packet),
        # TCP synchronise (SYN) flag
        'syn': bool(int(tcp_layer.flags_syn)),
        # TCP finish (FIN) flag
        'fin': bool(int(tcp_layer.flags_fin)),
        # source IP
        'src': ipaddress.ip_address(ip_layer.src),
        # destination IP
        'dst': ipaddress.ip_address(ip_layer.dst),
        # TCP source port
        'srcport': int(tcp_layer.srcport),
        # TCP destination port
        'dstport': int(tcp_layer.dstport),
        # timestamp, passed through from frame_info.time_epoch unconverted
        'timestamp': packet.frame_info.time_epoch,
    }
    return True, info
def _read_protos(self, size):
    """Read next layer protocol type.

    Arguments:
        size (int) buffer size; not used by this method, which always
            requests 4 bytes from ``self._read_unpack``

    Returns:
        pcapkit.const.reg.linktype.LinkType: link layer protocol enumeration

    """
    # The value is read with ``lilendian=True`` and comes straight from the
    # input being parsed, so it is untrusted.
    # NOTE(review): what ``LINKTYPE.get`` returns for a value it does not
    # know is not visible here -- confirm callers handle that case.
    return LINKTYPE.get(self._read_unpack(4, lilendian=True))
def _read_protos(self, size):
    """Read next layer protocol type.

    Positional arguments:
        * size  -- int, buffer size (not used here; the read is always
                   4 bytes)

    Returns:
        * str -- link layer protocol name

    """
    # Raw link-type value, requested as 4 bytes with ``lilendian=True``.
    link_type = self._read_unpack(4, lilendian=True)
    # NOTE(review): the value comes from the input being parsed; the result
    # of ``LINKTYPE.get`` for an unknown value is not visible here --
    # confirm callers handle it.
    return LINKTYPE.get(link_type)
def tcp_traceflow(packet, *, count=NotImplemented):
    """Trace packet flow for TCP.

    Args:
        packet: Packet supporting ``'NAME' in packet`` and
            ``packet['NAME']`` layer access.

    Keyword Args:
        count: Packet index stored as ``index``; ``NotImplemented`` is
            stored when the caller does not supply one.

    Returns:
        ``(True, data)`` when ``packet`` has a TCP layer, where ``data`` is
        the flow-tracing ``dict``; ``(False, None)`` otherwise.

    """
    # Guard clause: nothing to trace without a TCP layer.
    if 'TCP' not in packet:
        return False, None

    # Use the IPv4 layer when present; otherwise look up 'IPv6'.
    ip_layer = packet['IP'] if 'IP' in packet else packet['IPv6']
    tcp_layer = packet['TCP']

    info = {
        # data link type, looked up from the upper-cased packet name
        'protocol': LINKTYPE.get(packet.name.upper()),
        # frame number, exactly as supplied by the caller
        'index': count,
        # extracted packet
        'frame': packet2dict(packet),
        # TCP synchronise (SYN) flag
        'syn': bool(tcp_layer.flags.S),
        # TCP finish (FIN) flag
        'fin': bool(tcp_layer.flags.F),
        # source IP; ip_address() raises ValueError on an unparsable value
        'src': ipaddress.ip_address(ip_layer.src),
        # destination IP
        'dst': ipaddress.ip_address(ip_layer.dst),
        # TCP source port
        'srcport': tcp_layer.sport,
        # TCP destination port
        'dstport': tcp_layer.dport,
        # NOTE(review): wall-clock time of this call, not a capture time
        # read from the packet -- confirm that is intended before relying
        # on it for a timeline.
        'timestamp': time.time(),
    }
    return True, info
def tcp_traceflow(packet, *, count=NotImplemented):
    """Extract the TCP flow-tracing record from a Scapy packet.

    Args:
        packet (scapy.packet.Packet): Scapy packet.

    Keyword Args:
        count (int): Packet index. If not provided, default to
            ``NotImplemented``, which is then stored as ``index``.

    Returns:
        Tuple[bool, Optional[Dict[str, Any]]]: A 2-tuple.

        * Whether the ``packet`` can be used for TCP flow tracing, i.e.
          whether it contains a TCP layer
          (:class:`scapy.layers.inet.TCP`).
        * When it does, the ``dict`` of data for TCP flow tracing
          (:term:`tcp.trace`); otherwise ``None``.

    See Also:
        :class:`~pcapkit.foundation.traceflow.TraceFlow`

    """
    has_tcp = 'TCP' in packet
    if not has_tcp:
        return False, None

    # Use the IPv4 layer when present; otherwise look up 'IPv6'.
    if 'IP' in packet:
        net = packet['IP']
    else:
        net = packet['IPv6']
    seg = packet['TCP']

    record = {
        # data link type, looked up from the upper-cased packet name
        'protocol': LINKTYPE.get(packet.name.upper()),
        # frame number, exactly as supplied by the caller
        'index': count,
        # extracted packet
        'frame': packet2dict(packet),
        # TCP synchronise (SYN) flag
        'syn': bool(seg.flags.S),
        # TCP finish (FIN) flag
        'fin': bool(seg.flags.F),
        # source IP; ip_address() raises ValueError on an unparsable value
        'src': ipaddress.ip_address(net.src),
        # destination IP
        'dst': ipaddress.ip_address(net.dst),
        # TCP source port
        'srcport': seg.sport,
        # TCP destination port
        'dstport': seg.dport,
        # NOTE(review): this is the wall-clock time of the call rather than
        # a capture time taken from the packet -- confirm that is intended
        # before using the value to order or correlate flows.
        'timestamp': time.time(),
    }
    return True, record