`Pkg.PCAP` — API for parsing PCAP and PCAPNG packet capture files¶

Overview¶

The Pkg.PCAP module contains the API for parsing PCAP and PCAPNG packet capture files.

Parsing a PCAP File¶

The following code example demonstrates how to parse a PCAP file:

from Pro.Core import *
from Pkg.PCAP import *

def parsePCAP(fname):
    c = createContainerFromFile(fname)
    if c.isNull():
        return
    obj = PCAPObject()
    if not obj.Load(c) or not obj.Parse():
        return
    for packet in obj.IteratePackets():
        out = NTTextBuffer()
        packet.Dump(out)
        print(out.buffer)

Module API¶

Pkg.PCAP module API.

Classes:

PCAPObject()

This class represents a PCAP or PCAPNG capture file.

PCAPPacket()

This class represents a single packet.

class PCAPObject¶

Bases: Pro.Core.CFFObject

This class represents a PCAP or PCAPNG capture file.

Methods:

IteratePackets()

Iterates through the packets.

Parse()

Parses the format.

IteratePackets() → Optional[Pkg.PCAP.PCAPPacket]¶

Iterates through the packets.

Returns

Returns the next packet if available; otherwise returns None.

Return type

Optional[PCAPPacket]

See also PCAPPacket.

Parse() → bool¶

Parses the format.

Returns

Returns True if successful; otherwise returns False.

Return type

bool

See also IteratePackets().

class PCAPPacket¶

This class represents a single packet.

Methods:

Dump(out)

Outputs to a text stream information about the packet.

GetDestination()

Returns the destination IP as string.

GetInfo()

Returns information about the packet as a string

GetProtocolName()

Returns the protocol name.

GetSource()

Returns the source IP as string.

Attributes:

buf

The packet buffer.

caplen

The captured length of the packet.

data

The ethernet data of the packet.

ip

The IP data of the packet.

len

The length of the packet.

offset

The offset of the packet.

size

The total size of the packet.

timestamp

The timestamp of the packet.

Dump(out: Pro.Core.NTTextStream)¶

Outputs to a text stream information about the packet.

Parameters

out (NTTextStream) – The output stream.

See also GetInfo().

GetDestination() → str¶

Returns

Returns the destination IP as string.

Return type

str

See also GetSource().

GetInfo() → str¶

Returns

Returns information about the packet as a string

Return type

str

See also Dump().

GetProtocolName() → str¶

Returns

Returns the protocol name.

Return type

str

GetSource() → str¶

Returns

Returns the source IP as string.

Return type

str

See also GetDestination().

buf¶

The packet buffer.

caplen¶

The captured length of the packet.

data¶

The ethernet data of the packet.

ip¶

The IP data of the packet.

len¶

The length of the packet.

offset¶

The offset of the packet.

size¶

The total size of the packet.

timestamp¶

The timestamp of the packet.