def _scapy_read_frame(self):
"""Read frames with Scapy."""
from pcapkit.toolkit.scapy import (ipv4_reassembly, ipv6_reassembly,
packet2chain, packet2dict,
tcp_reassembly, tcp_traceflow)
# fetch Scapy packet
packet = next(self._extmp)
# verbose output
self._frnum += 1
self._proto = packet2chain(packet)
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
# setattr(packet, 'packet2dict', packet2dict)
# setattr(packet, 'packet2chain', packet2chain)
self._frame.append(packet)
# record fragments
if self._ipv4:
flag, data = ipv4_reassembly(packet, count=self._frnum)
if flag:
self._reasm[0](data)
if self._ipv6:
flag, data = ipv6_reassembly(packet, count=self._frnum)
if flag:
self._reasm[1](data)
if self._tcp:
flag, data = tcp_reassembly(packet, count=self._frnum)
if flag:
self._reasm[2](data)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet, count=self._frnum)
if flag:
self._trace(data)
return packet
def _pyshark_read_frame(self):
"""Read frames."""
from pcapkit.toolkit.pyshark import packet2dict, tcp_traceflow
# fetch PyShark packet
packet = next(self._extmp)
# def _pyshark_packet2chain(packet):
# """Fetch PyShark packet protocol chain."""
# return ':'.join(map(lambda layer: layer.layer_name.upper(), packet.layers))
# verbose output
self._frnum = int(packet.number)
self._proto = packet.frame_info.protocols
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
setattr(packet, 'packet2dict', packet2dict)
self._frame.append(packet)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet)
if flag:
self._trace(data)
return packet
def _dpkt_read_frame(self):
"""Read frames."""
from pcapkit.toolkit.dpkt import (ipv4_reassembly, ipv6_reassembly,
packet2chain, packet2dict,
tcp_reassembly, tcp_traceflow)
# fetch DPKT packet
timestamp, packet = next(self._extmp)
# extract packet
if self._dlink.value == 1:
packet = self._expkg.ethernet.Ethernet(packet)
elif self._dlink.value == 228:
packet = self._expkg.ip.IP(packet)
elif self._dlink.value == 229:
packet = self._expkg.ip6.IP6(packet)
else:
warnings.warn(
'unrecognised link layer protocol; all analysis functions ignored',
DPKTWarning,
stacklevel=stacklevel())
self._frnum += 1
if self._flag_d:
self._frame.append(packet)
return packet
# verbose output
self._frnum += 1
self._proto = packet2chain(packet)
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {self._proto}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
info = packet2dict(packet, timestamp, data_link=self._dlink)
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(info, name=frnum)
else:
self._ofile(info, name=frnum)
# record frames
if self._flag_d:
setattr(packet, 'packet2dict', packet2dict)
setattr(packet, 'packet2chain', packet2chain)
self._frame.append(packet)
# record fragments
if self._ipv4:
flag, data = ipv4_reassembly(packet, count=self._frnum)
if flag:
self._reasm[0](data)
if self._ipv6:
flag, data = ipv6_reassembly(packet, count=self._frnum)
if flag:
self._reasm[1](data)
if self._tcp:
flag, data = tcp_reassembly(packet, count=self._frnum)
if flag:
self._reasm[2](data)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(packet,
timestamp,
data_link=self._dlink,
count=self._frnum)
if flag:
self._trace(data)
return packet
def _default_read_frame(self, *, frame=None, mpkit=None):
"""Read frames with default engine.
- Extract frames and each layer of packets.
- Make Info object out of frame properties.
- Append Info.
- Write plist & append Info.
"""
from pcapkit.toolkit.default import (ipv4_reassembly, ipv6_reassembly,
tcp_reassembly, tcp_traceflow)
# read frame header
if not self._flag_m:
frame = Frame(self._ifile,
num=self._frnum + 1,
proto=self._dlink,
layer=self._exlyr,
protocol=self._exptl,
nanosecond=self._nnsec)
self._frnum += 1
# verbose output
if self._flag_v:
print(f' - Frame {self._frnum:>3d}: {frame.protochain}')
# write plist
frnum = f'Frame {self._frnum}'
if not self._flag_q:
if self._flag_f:
ofile = self._ofile(f'{self._ofnm}/{frnum}.{self._fext}')
ofile(frame.info, name=frnum)
else:
self._ofile(frame.info, name=frnum)
# record fragments
if self._ipv4:
flag, data = ipv4_reassembly(frame)
if flag:
self._reasm[0](data)
if self._ipv6:
flag, data = ipv6_reassembly(frame)
if flag:
self._reasm[1](data)
if self._tcp:
flag, data = tcp_reassembly(frame)
if flag:
self._reasm[2](data)
# trace flows
if self._flag_t:
flag, data = tcp_traceflow(frame, data_link=self._dlink)
if flag:
self._trace(data)
# record frames
if self._exeng == 'pipeline':
if self._flag_d:
# frame._file = NotImplemented
mpkit.frames[self._frnum] = frame
# print(self._frnum, 'stored')
mpkit.current += 1
elif self._exeng == 'server':
# record frames
if self._flag_d:
# frame._file = NotImplemented
self._frame.append(frame)
# print(self._frnum, 'stored')
self._frnum += 1
else:
if self._flag_d:
self._frame.append(frame)
self._proto = frame.protochain.chain
# return frame record
return frame
