dpkt.ah module¶
Authentication Header.
dpkt.aim module¶
AOL Instant Messenger.
-
class
dpkt.aim.
FLAP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Frame Layer Protocol.
See more about the FLAP on https://en.wikipedia.org/wiki/OSCAR_protocol#FLAP_header
-
__hdr__
¶ Header fields of FLAP.
-
data
¶ Message data.
-
ast
¶
-
data
-
len
¶
-
seq
¶
-
type
¶
-
-
class
dpkt.aim.
SNAC
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Simple Network Atomic Communication.
See more about the SNAC on https://en.wikipedia.org/wiki/OSCAR_protocol#SNAC_data
-
__hdr__
¶ Header fields of SNAC.
-
data
¶
-
family
¶
-
flags
¶
-
reqid
¶
-
subtype
¶
-
dpkt.aoe module¶
ATA over Ethernet Protocol.
dpkt.aoeata module¶
ATA over Ethernet ATA command
-
class
dpkt.aoeata.
AOEATA
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
ATA over Ethernet ATA command.
See more about the AOEATA on https://en.wikipedia.org/wiki/ATA_over_Ethernet
-
__hdr__
¶ Header fields of AOEATA.
-
data
¶ Message data.
-
aflags
¶
-
cmdstat
¶
-
data
-
errfeat
¶
-
lba0
¶
-
lba1
¶
-
lba2
¶
-
lba3
¶
-
lba4
¶
-
lba5
¶
-
res
¶
-
scnt
¶
-
dpkt.aoecfg module¶
ATA over Ethernet ATA command
dpkt.arp module¶
Address Resolution Protocol.
dpkt.asn1 module¶
Abstract Syntax Notation #1.
-
dpkt.asn1.
utctime
(buf)[source]¶ Convert ASN.1 UTCTime string to UTC float.
TODO: Long description here.
Parameters: buf – A buffer with format “yymnddhhmm” Returns: A floating point number, indicates seconds since the Epoch.
-
dpkt.asn1.
decode
(buf)[source]¶ Sleazy ASN.1 decoder.
TODO: Long description here.
Parameters: buf – A buffer with Sleazy ASN.1 data. Returns: A list of (id, value) tuples from ASN.1 BER/DER encoded buffer. Raises: UnpackError – An error occurred the ASN.1 length exceed.
dpkt.bgp module¶
Border Gateway Protocol.
-
class
dpkt.bgp.
BGP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Border Gateway Protocol.
BGP is an inter-AS routing protocol. See more about the BGP on https://en.wikipedia.org/wiki/Border_Gateway_Protocol
-
__hdr__
¶ Header fields of BGP.
-
#TODO
-
class
Open
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
Parameter
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
Authentication
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
code
¶
-
data
¶
-
-
data
¶
-
len
¶
-
type
¶
-
class
-
asn
¶
-
data
¶
-
holdtime
¶
-
identifier
¶
-
param_len
¶
-
v
¶
-
class
-
class
Update
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
Attribute
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
optional
¶
-
transitive
¶
-
partial
¶
-
extended_length
¶
-
class
Origin
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
type
¶
-
-
class
ASPath
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
NextHop
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
ip
¶
-
-
class
MultiExitDisc
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
value
¶
-
-
class
LocalPref
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
value
¶
-
-
class
AtomicAggregate
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
Communities
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
ReservedCommunity
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
value
¶
-
-
class
-
class
OriginatorID
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
value
¶
-
-
class
ClusterList
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
flags
¶
-
type
¶
-
-
class
-
class
Keepalive
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
len
¶
-
marker
¶
-
type
¶
-
-
class
dpkt.bgp.
RouteGeneric
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
len
¶
-
-
class
dpkt.bgp.
RouteIPV4
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
len
¶
-
-
class
dpkt.bgp.
RouteIPV6
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
len
¶
-
dpkt.cdp module¶
Cisco Discovery Protocol.
-
class
dpkt.cdp.
CDP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Cisco Discovery Protocol.
See more about the BGP on https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol
-
__hdr__
¶ Header fields of CDP.
-
#TODO
-
data
¶
-
sum
¶
-
ttl
¶
-
version
¶
-
dpkt.crc32c module¶
dpkt.decorators module¶
dpkt.dhcp module¶
Dynamic Host Configuration Protocol.
-
class
dpkt.dhcp.
DHCP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Dynamic Host Configuration Protocol.
TODO: Longer class information….
-
__hdr__
¶ Header fields of DHCP.
-
TODO.
-
opts
= ((53, '\x01'), (55, '2\x03\x01\x06'))¶
-
chaddr
¶
-
ciaddr
¶
-
data
¶
-
file
¶
-
flags
¶
-
giaddr
¶
-
hln
¶
-
hops
¶
-
hrd
¶
-
magic
¶
-
op
¶
-
secs
¶
-
siaddr
¶
-
sname
¶
-
xid
¶
-
yiaddr
¶
-
dpkt.diameter module¶
Diameter.
-
class
dpkt.diameter.
Diameter
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Diameter.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Diameter.
-
TODO.
-
request_flag
¶
-
proxiable_flag
¶
-
error_flag
¶
-
retransmit_flag
¶
-
app_id
¶
-
cmd
¶
-
data
¶
-
end_id
¶
-
flags
¶
-
hop_id
¶
-
len
¶
-
v
¶
-
dpkt.dns module¶
Domain Name System.
-
class
dpkt.dns.
DNS
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Domain Name System.
TODO: Longer class information….
-
__hdr__
¶ Header fields of DNS.
-
TODO.
-
qr
¶
-
opcode
¶
-
aa
¶
-
tc
¶
-
rd
¶
-
ra
¶
-
zero
¶
-
rcode
¶
-
class
RR
(*args, **kwargs)[source]¶ Bases:
dpkt.dns.Q
DNS resource record.
-
cls
¶
-
data
¶
-
name
¶
-
rdata
¶
-
rlen
¶
-
ttl
¶
-
type
¶
-
-
an
¶
-
ar
¶
-
data
¶
-
id
¶
-
ns
¶
-
op
¶
-
qd
¶
-
dpkt.dpkt module¶
Simple packet creation and parsing.
-
exception
dpkt.dpkt.
UnpackError
[source]¶ Bases:
dpkt.dpkt.Error
-
exception
dpkt.dpkt.
NeedData
[source]¶ Bases:
dpkt.dpkt.UnpackError
-
exception
dpkt.dpkt.
PackError
[source]¶ Bases:
dpkt.dpkt.Error
-
class
dpkt.dpkt.
Packet
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Temp
Base packet class, with metaclass magic to generate members from self.__hdr__.
-
__hdr__
¶ Packet header should be defined as a list of (name, structfmt, default) tuples.
-
__byte_order__
¶ Byte order, can be set to override the default (‘>’)
Example: >>> class Foo(Packet): … __hdr__ = ((‘foo’, ‘I’, 1), (‘bar’, ‘H’, 2), (‘baz’, ‘4s’, ‘quux’)) … >>> foo = Foo(bar=3) >>> foo Foo(bar=3) >>> str(foo) ‘quux’ >>> foo.bar 3 >>> foo.baz ‘quux’ >>> foo.foo = 7 >>> foo.baz = ‘whee’ >>> foo Foo(baz=’whee’, foo=7, bar=3) >>> Foo(‘hello, world!’) Foo(baz=’ wor’, foo=1751477356L, bar=28460, data=’ld!’)
-
dpkt.dtp module¶
Dynamic Trunking Protocol.
dpkt.esp module¶
Encapsulated Security Protocol.
dpkt.ethernet module¶
Ethernet II, LLC (802.3+802.2), LLC/SNAP, and Novell raw 802.3, with automatic 802.1q, MPLS, PPPoE, and Cisco ISL decapsulation.
-
class
dpkt.ethernet.
Ethernet
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Ethernet.
Ethernet II, LLC (802.3+802.2), LLC/SNAP, and Novell raw 802.3, with automatic 802.1q, MPLS, PPPoE, and Cisco ISL decapsulation.
-
__hdr__
¶ Header fields of Ethernet.
-
TODO.
-
data
¶
-
dst
¶
-
src
¶
-
type
¶
-
-
class
dpkt.ethernet.
MPLSlabel
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
A single entry in MPLS label stack
-
data
¶
-
-
class
dpkt.ethernet.
VLANtag8021Q
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
IEEE 802.1q VLAN tag
-
data
¶
-
type
¶
-
dpkt.gre module¶
Generic Routing Encapsulation.
dpkt.gzip module¶
GNU zip.
dpkt.h225 module¶
ITU-T H.225.0 Call Signaling.
dpkt.hsrp module¶
Cisco Hot Standby Router Protocol.
dpkt.http module¶
Hypertext Transfer Protocol.
-
dpkt.http.
parse_body
(f, headers)[source]¶ Return HTTP body parsed from a file object, given HTTP header dict.
-
class
dpkt.http.
Message
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Hypertext Transfer Protocol headers + body.
TODO: Longer class information….
-
__hdr__
¶ Header fields of HTTP.
-
TODO.
-
headers
= None¶
-
body
= None¶
-
-
class
dpkt.http.
Request
(*args, **kwargs)[source]¶ Bases:
dpkt.http.Message
Hypertext Transfer Protocol Request.
TODO: Longer class information….
-
__hdr__
¶ Header fields of HTTP request.
-
TODO.
-
-
class
dpkt.http.
Response
(*args, **kwargs)[source]¶ Bases:
dpkt.http.Message
Hypertext Transfer Protocol Response.
TODO: Longer class information….
-
__hdr__
¶ Header fields of HTTP Response.
-
TODO.
-
dpkt.icmp module¶
Internet Control Message Protocol.
dpkt.icmp6 module¶
Internet Control Message Protocol for IPv6.
dpkt.ieee80211 module¶
IEEE 802.11.
-
class
dpkt.ieee80211.
IEEE80211
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
IEEE 802.11.
TODO: Longer class information….
-
__hdr__
¶ Header fields of IEEE802.11.
-
TODO.
-
version
¶
-
type
¶
-
subtype
¶
-
to_ds
¶
-
from_ds
¶
-
more_frag
¶
-
retry
¶
-
pwr_mgt
¶
-
more_data
¶
-
wep
¶
-
order
¶
-
class
BlockAck
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
compressed
¶
-
ack_policy
¶
-
multi_tid
¶
-
tid
¶
-
ctl
¶
-
data
¶
-
dst
¶
-
seq
¶
-
src
¶
-
-
class
CTS
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
dst
¶
-
-
class
ACK
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
dst
¶
-
-
class
Beacon
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
capability
¶
-
data
¶
-
interval
¶
-
timestamp
¶
-
-
class
Disassoc
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
reason
¶
-
-
class
Reassoc_Req
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
capability
¶
-
current_ap
¶
-
data
¶
-
interval
¶
-
-
class
Deauth
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
reason
¶
-
-
class
BlockAckActionRequest
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
dialog
¶
-
parameters
¶
-
starting_seq
¶
-
timeout
¶
-
-
class
BlockAckActionResponse
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
dialog
¶
-
parameters
¶
-
status_code
¶
-
timeout
¶
-
-
class
DataInterDS
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
da
¶
-
data
¶
-
dst
¶
-
frag_seq
¶
-
sa
¶
-
src
¶
-
-
class
QoS_Data
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
control
¶
-
data
¶
-
-
class
FH
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
hopindex
¶
-
hoppattern
¶
-
hopset
¶
-
id
¶
-
len
¶
-
tu
¶
-
-
data
¶
-
duration
¶
-
framectl
¶
-
dpkt.igmp module¶
Internet Group Management Protocol.
dpkt.ip module¶
Internet Protocol.
dpkt.ip6 module¶
Internet Protocol, version 6.
-
class
dpkt.ip6.
IP6
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Internet Protocol, version 6.
TODO: Longer class information….
-
__hdr__
¶ Header fields of IPv6.
-
TODO.
-
v
¶
-
fc
¶
-
flow
¶
-
data
¶
-
dst
¶
-
hlim
¶
-
nxt
¶
-
plen
¶
-
src
¶
-
-
class
dpkt.ip6.
IP6ExtensionHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
An extension header is very similar to a ‘sub-packet’. We just want to re-use all the hdr unpacking etc.
-
class
dpkt.ip6.
IP6OptsHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6ExtensionHeader
-
data
¶
-
len
¶
-
nxt
¶
-
-
class
dpkt.ip6.
IP6HopOptsHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6OptsHeader
-
data
¶
-
len
¶
-
nxt
¶
-
-
class
dpkt.ip6.
IP6DstOptsHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6OptsHeader
-
data
¶
-
len
¶
-
nxt
¶
-
-
class
dpkt.ip6.
IP6RoutingHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6ExtensionHeader
-
sl_bits
¶
-
data
¶
-
len
¶
-
nxt
¶
-
rsvd_sl_bits
¶
-
segs_left
¶
-
type
¶
-
-
class
dpkt.ip6.
IP6FragmentHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6ExtensionHeader
-
frag_off
¶
-
m_flag
¶
-
data
¶
-
frag_off_resv_m
¶
-
id
¶
-
nxt
¶
-
resv
¶
-
-
class
dpkt.ip6.
IP6AHHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.ip6.IP6ExtensionHeader
-
data
¶
-
len
¶
-
nxt
¶
-
resv
¶
-
seq
¶
-
spi
¶
-
dpkt.ipx module¶
Internetwork Packet Exchange.
dpkt.llc module¶
-
class
dpkt.llc.
LLC
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
802.2 Logical Link Control (LLC) data communication protocol.
-
__hdr__ = (
(‘dsap’, ‘B’, 0xaa), # Destination Service Access Point (‘ssap’, ‘B’, 0xaa), # Source Service Access Point (‘ctl’, ‘B’, 3) # Control Byte
-
)
-
is_snap
¶
-
ctl
¶
-
data
¶
-
dsap
¶
-
ssap
¶
-
dpkt.loopback module¶
Platform-dependent loopback header.
dpkt.mrt module¶
Multi-threaded Routing Toolkit.
-
class
dpkt.mrt.
MRTHeader
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
len
¶
-
subtype
¶
-
ts
¶
-
type
¶
-
-
class
dpkt.mrt.
TableDump
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
attr_len
¶
-
data
¶
-
originated_ts
¶
-
peer_as
¶
-
peer_ip
¶
-
prefix
¶
-
prefix_len
¶
-
seq
¶
-
status
¶
-
view
¶
-
dpkt.netbios module¶
Network Basic Input/Output System.
-
class
dpkt.netbios.
NS
(*args, **kwargs)[source]¶ Bases:
dpkt.dns.DNS
NetBIOS Name Service.
-
class
RR
(*args, **kwargs)[source]¶ Bases:
dpkt.dns.RR
NetBIOS resource record.
-
cls
¶
-
data
¶
-
name
¶
-
rdata
¶
-
rlen
¶
-
ttl
¶
-
type
¶
-
-
an
¶
-
ar
¶
-
data
¶
-
id
¶
-
ns
¶
-
op
¶
-
qd
¶
-
class
dpkt.netflow module¶
Cisco Netflow.
-
class
dpkt.netflow.
NetflowBase
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Base class for Cisco Netflow packets.
TODO: Longer class information….
-
__hdr__
¶ Header fields of NetflowBase.
-
TODO.
-
class
NetflowRecordBase
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Base class for netflow v1-v7 netflow records.
TODO: Longer class information….
-
__hdr__
¶ Header fields of NetflowRecordBase.
-
TODO.
-
-
count
¶
-
data
¶
-
sys_uptime
¶
-
unix_nsec
¶
-
unix_sec
¶
-
version
¶
-
-
class
dpkt.netflow.
Netflow1
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowBase
Netflow Version 1.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 1.
-
TODO.
-
class
NetflowRecord
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowRecordBase
Netflow v1 flow record.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 1 flow record.
-
TODO.
-
bytes_sent
¶
-
data
¶
-
dst_addr
¶
-
dst_port
¶
-
end_time
¶
-
input_iface
¶
-
ip_proto
¶
-
next_hop
¶
-
output_iface
¶
-
pad1
¶
-
pad2
¶
-
pad3
¶
-
pkts_sent
¶
-
reserved
¶
-
src_addr
¶
-
src_port
¶
-
start_time
¶
-
tcp_flags
¶
-
tos
¶
-
-
count
¶
-
data
¶
-
sys_uptime
¶
-
unix_nsec
¶
-
unix_sec
¶
-
version
¶
-
-
class
dpkt.netflow.
Netflow5
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowBase
Netflow Version 5.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 5.
-
TODO.
-
class
NetflowRecord
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowRecordBase
Netflow v5 flow record.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 5 flow record.
-
TODO.
-
bytes_sent
¶
-
data
¶
-
dst_addr
¶
-
dst_as
¶
-
dst_mask
¶
-
dst_port
¶
-
end_time
¶
-
input_iface
¶
-
ip_proto
¶
-
next_hop
¶
-
output_iface
¶
-
pad1
¶
-
pad2
¶
-
pkts_sent
¶
-
src_addr
¶
-
src_as
¶
-
src_mask
¶
-
src_port
¶
-
start_time
¶
-
tcp_flags
¶
-
tos
¶
-
-
count
¶
-
data
¶
-
engine_id
¶
-
engine_type
¶
-
flow_sequence
¶
-
reserved
¶
-
sys_uptime
¶
-
unix_nsec
¶
-
unix_sec
¶
-
version
¶
-
-
class
dpkt.netflow.
Netflow6
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowBase
Netflow Version 6.
XXX - unsupported by Cisco, but may be found in the field. TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 6.
-
TODO.
-
class
NetflowRecord
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowRecordBase
Netflow v6 flow record.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 6 flow record.
-
TODO.
-
bytes_sent
¶
-
data
¶
-
dst_addr
¶
-
dst_as
¶
-
dst_mask
¶
-
dst_port
¶
-
end_time
¶
-
in_encaps
¶
-
input_iface
¶
-
ip_proto
¶
-
next_hop
¶
-
out_encaps
¶
-
output_iface
¶
-
pad1
¶
-
peer_nexthop
¶
-
pkts_sent
¶
-
src_addr
¶
-
src_as
¶
-
src_mask
¶
-
src_port
¶
-
start_time
¶
-
tcp_flags
¶
-
tos
¶
-
-
count
¶
-
data
¶
-
engine_id
¶
-
engine_type
¶
-
flow_sequence
¶
-
reserved
¶
-
sys_uptime
¶
-
unix_nsec
¶
-
unix_sec
¶
-
version
¶
-
-
class
dpkt.netflow.
Netflow7
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowBase
Netflow Version 7.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 7.
-
TODO.
-
class
NetflowRecord
(*args, **kwargs)[source]¶ Bases:
dpkt.netflow.NetflowRecordBase
Netflow v6 flow record.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Netflow Version 6 flow record.
-
TODO.
-
bytes_sent
¶
-
data
¶
-
dst_addr
¶
-
dst_as
¶
-
dst_mask
¶
-
dst_port
¶
-
end_time
¶
-
flags
¶
-
input_iface
¶
-
ip_proto
¶
-
next_hop
¶
-
output_iface
¶
-
pad2
¶
-
pkts_sent
¶
-
router_sc
¶
-
src_addr
¶
-
src_as
¶
-
src_mask
¶
-
src_port
¶
-
start_time
¶
-
tcp_flags
¶
-
tos
¶
-
-
count
¶
-
data
¶
-
flow_sequence
¶
-
reserved
¶
-
sys_uptime
¶
-
unix_nsec
¶
-
unix_sec
¶
-
version
¶
-
dpkt.ntp module¶
Network Time Protocol.
dpkt.ospf module¶
Open Shortest Path First.
dpkt.pcap module¶
Libpcap file format.
-
class
dpkt.pcap.
PktHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
pcap packet header.
TODO: Longer class information….
-
__hdr__
¶ Header fields of pcap header.
-
TODO.
-
caplen
¶
-
data
¶
-
len
¶
-
tv_sec
¶
-
tv_usec
¶
-
-
class
dpkt.pcap.
LEPktHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.pcap.PktHdr
-
caplen
¶
-
data
¶
-
len
¶
-
tv_sec
¶
-
tv_usec
¶
-
-
class
dpkt.pcap.
FileHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
pcap file header.
TODO: Longer class information….
-
__hdr__
¶ Header fields of pcap file header.
-
TODO.
-
data
¶
-
linktype
¶
-
magic
¶
-
sigfigs
¶
-
snaplen
¶
-
thiszone
¶
-
v_major
¶
-
v_minor
¶
-
-
class
dpkt.pcap.
LEFileHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.pcap.FileHdr
-
data
¶
-
linktype
¶
-
magic
¶
-
sigfigs
¶
-
snaplen
¶
-
thiszone
¶
-
v_major
¶
-
v_minor
¶
-
-
class
dpkt.pcap.
Writer
(fileobj, snaplen=1500, linktype=1, nano=False)[source]¶ Bases:
object
Simple pcap dumpfile writer.
TODO: Longer class information….
-
__hdr__
¶ Header fields of simple pcap dumpfile writer.
-
TODO.
-
-
class
dpkt.pcap.
Reader
(fileobj)[source]¶ Bases:
object
Simple pypcap-compatible pcap file reader.
TODO: Longer class information….
-
__hdr__
¶ Header fields of simple pypcap-compatible pcap file reader.
-
TODO.
-
fd
¶
-
dispatch
(cnt, callback, *args)[source]¶ Collect and process packets with a user callback.
Return the number of packets processed, or 0 for a savefile.
Arguments:
- cnt – number of packets to process;
- or 0 to process all packets until EOF
callback – function with (timestamp, pkt, *args) prototype *args – optional arguments passed to callback on execution
-
dpkt.pim module¶
Protocol Independent Multicast.
dpkt.pmap module¶
Portmap / rpcbind.
dpkt.ppp module¶
Point-to-Point Protocol.
dpkt.pppoe module¶
PPP-over-Ethernet.
-
class
dpkt.pppoe.
PPPoE
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
PPP-over-Ethernet.
TODO: Longer class information….
-
__hdr__
¶ Header fields of PPPoE.
-
TODO.
-
v
¶
-
type
¶
-
code
¶
-
data
¶
-
len
¶
-
session
¶
-
-
class
dpkt.pppoe.
PPP
(*args, **kwargs)[source]¶ Bases:
dpkt.ppp.PPP
-
data
¶
-
p
¶
-
dpkt.qq module¶
-
class
dpkt.qq.
QQBasicPacket
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
command
¶
-
data
¶
-
header_type
¶
-
qqNum
¶
-
sequence
¶
-
source
¶
-
dpkt.radiotap module¶
Radiotap
-
class
dpkt.radiotap.
Radiotap
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Radiotap.
TODO: Longer class information….
-
__hdr__
¶ Header fields of Radiotap.
-
TODO.
-
tsft_present
¶
-
flags_present
¶
-
rate_present
¶
-
channel_present
¶
-
fhss_present
¶
-
ant_sig_present
¶
-
ant_noise_present
¶
-
lock_qual_present
¶
-
tx_attn_present
¶
-
db_tx_attn_present
¶
-
dbm_tx_power_present
¶
-
ant_present
¶
-
db_ant_sig_present
¶
-
db_ant_noise_present
¶
-
rx_flags_present
¶
-
chanplus_present
¶
-
ext_present
¶
-
class
Antenna
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
index
¶
-
-
class
AntennaNoise
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
db
¶
-
-
class
AntennaSignal
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
db
¶
-
-
class
LockQuality
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
val
¶
-
-
data
¶
-
length
¶
-
pad
¶
-
present_flags
¶
-
version
¶
-
class
RxFlags
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
val
¶
-
-
class
Rate
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
val
¶
-
-
class
TSFT
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
usecs
¶
-
-
class
TxAttenuation
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
val
¶
-
-
class
DbTxAttenuation
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
db
¶
-
-
class
DbAntennaNoise
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
db
¶
-
-
class
DbAntennaSignal
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
db
¶
-
-
class
DbmTxPower
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
dbm
¶
-
-
dpkt.radius module¶
Remote Authentication Dial-In User Service.
dpkt.rfb module¶
Remote Framebuffer Protocol.
-
class
dpkt.rfb.
RFB
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Remote Framebuffer Protocol.
TODO: Longer class information….
-
__hdr__
¶ Header fields of RADIUS.
-
TODO.
-
data
¶
-
type
¶
-
-
class
dpkt.rfb.
SetPixelFormat
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
pad
¶
-
pixel_fmt
¶
-
-
class
dpkt.rfb.
SetEncodings
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
num_encodings
¶
-
pad
¶
-
-
class
dpkt.rfb.
FramebufferUpdateRequest
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
height
¶
-
incremental
¶
-
width
¶
-
x_position
¶
-
y_position
¶
-
-
class
dpkt.rfb.
KeyEvent
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
down_flag
¶
-
key
¶
-
pad
¶
-
-
class
dpkt.rfb.
PointerEvent
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
x_position
¶
-
y_position
¶
-
-
class
dpkt.rfb.
FramebufferUpdate
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
num_rects
¶
-
pad
¶
-
dpkt.rip module¶
Routing Information Protocol.
-
class
dpkt.rip.
RIP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Routing Information Protocol.
TODO: Longer class information….
-
__hdr__
¶ Header fields of RIP.
-
TODO.
-
cmd
¶
-
data
¶
-
rsvd
¶
-
v
¶
-
dpkt.rpc module¶
Remote Procedure Call.
-
class
dpkt.rpc.
RPC
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Remote Procedure Call.
TODO: Longer class information….
-
__hdr__
¶ Header fields of RPC.
-
TODO.
-
class
Auth
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
flavor
¶
-
-
class
Reply
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
class
Accept
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
stat
¶
-
-
class
Reject
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
stat
¶
-
-
data
¶
-
stat
¶
-
class
-
data
¶
-
dir
¶
-
xid
¶
-
dpkt.rtp module¶
Real-Time Transport Protocol.
dpkt.rx module¶
Rx Protocol.
dpkt.sccp module¶
Cisco Skinny Client Control Protocol.
-
class
dpkt.sccp.
ActivateCallPlane
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
line_instance
¶
-
-
class
dpkt.sccp.
CallInfo
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_id
¶
-
call_type
¶
-
called_party
¶
-
called_party_name
¶
-
calling_party
¶
-
calling_party_name
¶
-
data
¶
-
line_instance
¶
-
orig_called_party
¶
-
orig_called_party_name
¶
-
-
class
dpkt.sccp.
CallState
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_id
¶
-
call_state
¶
-
data
¶
-
line_instance
¶
-
-
class
dpkt.sccp.
ClearPromptStatus
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_id
¶
-
data
¶
-
line_instance
¶
-
-
class
dpkt.sccp.
CloseReceiveChannel
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
conference_id
¶
-
data
¶
-
passthruparty_id
¶
-
-
class
dpkt.sccp.
DisplayPromptStatus
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_id
¶
-
data
¶
-
display_msg
¶
-
line_instance
¶
-
msg_timeout
¶
-
-
class
dpkt.sccp.
DisplayText
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
display_msg
¶
-
-
class
dpkt.sccp.
KeypadButton
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
-
class
dpkt.sccp.
OpenReceiveChannel
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
conference_id
¶
-
data
¶
-
echo_cancel_type
¶
-
g723_bitrate
¶
-
ms_packet
¶
-
passthruparty_id
¶
-
payload_capability
¶
-
-
class
dpkt.sccp.
OpenReceiveChannelAck
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
channel_status
¶
-
data
¶
-
ip
¶
-
passthruparty_id
¶
-
port
¶
-
-
class
dpkt.sccp.
SelectStartKeys
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_id
¶
-
data
¶
-
line_id
¶
-
softkey_map
¶
-
softkey_set
¶
-
-
class
dpkt.sccp.
SetLamp
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
lamp_mode
¶
-
stimulus
¶
-
stimulus_instance
¶
-
-
class
dpkt.sccp.
SetSpeakerMode
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
speaker
¶
-
-
class
dpkt.sccp.
StartMediaTransmission
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
call_reference
¶
-
conference_id
¶
-
data
¶
-
g723_bitrate
¶
-
ipv4_or_ipv6
¶
-
max_frames_per_pkt
¶
-
ms_packet
¶
-
passthruparty_id
¶
-
payload_capability
¶
-
precedence
¶
-
remote_ip
¶
-
remote_port
¶
-
silence_suppression
¶
-
-
class
dpkt.sccp.
StartTone
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
tone
¶
-
dpkt.sctp module¶
Stream Control Transmission Protocol.
-
class
dpkt.sctp.
SCTP
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Stream Control Transmission Protocol.
TODO: Longer class information….
-
__hdr__
¶ Header fields of SCTP.
-
TODO.
-
data
¶
-
dport
¶
-
sport
¶
-
sum
¶
-
vtag
¶
-
dpkt.sip module¶
Session Initiation Protocol.
-
class
dpkt.sip.
Request
(*args, **kwargs)[source]¶ Bases:
dpkt.http.Request
SIP request.
TODO: Longer class information….
-
__hdr__
¶ Header fields of SIP request.
-
TODO.
-
-
class
dpkt.sip.
Response
(*args, **kwargs)[source]¶ Bases:
dpkt.http.Response
SIP response.
TODO: Longer class information….
-
__hdr__
¶ Header fields of SIP response.
-
TODO.
-
dpkt.sll module¶
Linux libpcap “cooked” capture encapsulation.
dpkt.smb module¶
Server Message Block.
-
class
dpkt.smb.
SMB
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Server Message Block.
TODO: Longer class information….
-
__hdr__ = [
(‘proto’, ‘4s’, b’ÿSMB’), (‘cmd’, ‘B’, 0), (‘status’, ‘I’, SMB_STATUS_SUCCESS), (‘flags’, ‘B’, 0), (‘flags2’, ‘H’, 0), (‘_pidhi’, ‘H’, 0), (‘security’, ‘8s’, b’‘), (‘rsvd’, ‘H’, 0), (‘tid’, ‘H’, 0), (‘_pidlo’, ‘H’, 0), (‘uid’, ‘H’, 0), (‘mid’, ‘H’, 0)
-
]
-
pid
¶
-
cmd
¶
-
data
¶
-
flags
¶
-
flags2
¶
-
mid
¶
-
proto
¶
-
rsvd
¶
-
security
¶
-
status
¶
-
tid
¶
-
uid
¶
-
dpkt.snoop module¶
Snoop file format.
-
class
dpkt.snoop.
PktHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
snoop packet header.
TODO: Longer class information….
-
__hdr__
¶ Header fields of snoop packet header.
-
TODO.
-
cum_drops
¶
-
data
¶
-
incl_len
¶
-
orig_len
¶
-
rec_len
¶
-
ts_sec
¶
-
ts_usec
¶
-
-
class
dpkt.snoop.
FileHdr
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
snoop file header.
TODO: Longer class information….
-
__hdr__
¶ Header fields of snoop file header.
-
TODO.
-
data
¶
-
linktype
¶
-
magic
¶
-
v
¶
-
-
class
dpkt.snoop.
Writer
(fileobj, linktype=4)[source]¶ Bases:
object
Simple snoop dumpfile writer.
TODO: Longer class information….
-
TODO.
-
dpkt.ssl module¶
Secure Sockets Layer / Transport Layer Security.
-
dpkt.ssl.
parse_variable_array
(buf, lenbytes)[source]¶ Parse an array described using the ‘Type name<x..y>’ syntax from the spec Read a length at the start of buf, and returns that many bytes after, in a tuple with the TOTAL bytes consumed (including the size). This does not check that the array is the right length for any given datatype.
-
dpkt.ssl.
parse_extensions
(buf)[source]¶ Parse TLS extensions in passed buf. Returns an ordered list of extension tuples with ordinal extension type as first value and extension data as second value. Passed buf must start with the 2-byte extensions length TLV. http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-
class
dpkt.ssl.
TLSRecord
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
SSLv3 or TLSv1+ packet.
In addition to the fields specified in the header, there are compressed and decrypted fields, indicating whether, in the language of the spec, this is a TLSPlaintext, TLSCompressed, or TLSCiphertext. The application will have to figure out when it’s appropriate to change these values.
-
length
¶
-
data
¶
-
type
¶
-
version
¶
-
-
class
dpkt.ssl.
TLSChangeCipherSpec
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
ChangeCipherSpec message is just a single byte with value 1
-
data
¶
-
type
¶
-
-
class
dpkt.ssl.
TLSAppData
[source]¶ Bases:
str
As far as TLSRecord is concerned, AppData is just an opaque blob.
-
class
dpkt.ssl.
TLSHelloRequest
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
-
class
dpkt.ssl.
TLSClientHello
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
random
¶
-
version
¶
-
-
class
dpkt.ssl.
TLSServerHello
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
random
¶
-
version
¶
-
-
class
dpkt.ssl.
TLSCertificate
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
-
class
dpkt.ssl.
TLSUnknownHandshake
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
-
data
¶
-
-
dpkt.ssl.
TLSServerKeyExchange
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
dpkt.ssl.
TLSCertificateRequest
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
dpkt.ssl.
TLSServerHelloDone
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
dpkt.ssl.
TLSCertificateVerify
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
dpkt.ssl.
TLSClientKeyExchange
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
dpkt.ssl.
TLSFinished
¶ alias of
dpkt.ssl.TLSUnknownHandshake
-
class
dpkt.ssl.
TLSHandshake
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
A TLS Handshake message
This goes for all messages encapsulated in the Record layer, but especially important for handshakes and app data: A message may be spread across a number of TLSRecords, in addition to the possibility of there being more than one in a given Record. You have to put together the contents of TLSRecord’s yourself.
-
length
¶
-
data
¶
-
length_bytes
¶
-
type
¶
-
-
dpkt.ssl.
tls_multi_factory
(buf)[source]¶ Attempt to parse one or more TLSRecord’s out of buf
Parameters: buf – string containing SSL/TLS messages. May have an incomplete record on the end Returns: [TLSRecord] int, total bytes consumed, != len(buf) if an incomplete record was left at the end.Raises SSL3Exception.
-
class
dpkt.ssl.
TestTLS
[source]¶ Bases:
object
Test basic TLS functionality. Test that each TLSRecord is correctly discovered and added to TLS.records
-
class
dpkt.ssl.
TestTLSRecord
[source]¶ Bases:
object
Test basic TLSRecord functionality For this test, the contents of the record doesn’t matter, since we’re not parsing the next layer.
-
class
dpkt.ssl.
TestTLSChangeCipherSpec
[source]¶ Bases:
object
It’s just a byte. This will be quick, I promise
-
class
dpkt.ssl.
TestClientHello
[source]¶ Bases:
object
This data is extracted from and verified by Wireshark
dpkt.ssl_ciphersuites module¶
Nicely formatted cipher suite definitions for TLS
A list of cipher suites in the form of CipherSuite objects. These are supposed to be immutable; don’t mess with them.
-
class
dpkt.ssl_ciphersuites.
CipherSuite
(code, kx, auth, cipher, mode, mac, name=None, encoding=None)[source]¶ Bases:
object
Encapsulates a cipher suite.
Members/args: * code: two-byte ID code, as int * kx: key exchange algorithm, e.g. ‘RSA’ or ‘DHE’ * auth: authentication algorithm, e.g. ‘RSA’ or ‘DSS’ * cipher: stream or block cipher algorithm, e.g. ‘AES_128’ * mode: mode of operation for block ciphers, e.g. ‘CBC’ or ‘GCM’ * mac: message authentication code algorithm, e.g. ‘MD5’ or ‘SHA256’ * name: cipher suite name as defined in the RFCs,
e.g. ‘TLS_RSA_WITH_RC4_40_MD5’, can be generated by default from the other parameters- encoding: encoding algorithm, defaults to cipher+mode
Additional members: * kx_auth: kx+auth algorithm, as ‘KeyExchangeAlgorithm’ in RFCs
-
kx
¶
-
auth
¶
-
kx_auth
¶
-
encoding
¶
-
name
¶
-
MAC_SIZES
= {'MD5': 16, 'SHA': 20, 'SHA256': 32, 'SHA384': 48}¶
-
BLOCK_SIZES
= {'AES_128': 16, 'AES_256': 16}¶
-
mac_size
¶ In bytes. Default to 0.
-
block_size
¶ In bytes. Default to 1.
dpkt.stp module¶
Spanning Tree Protocol.
dpkt.stun module¶
Simple Traversal of UDP through NAT.
-
class
dpkt.stun.
STUN
(*args, **kwargs)[source]¶ Bases:
dpkt.dpkt.Packet
Simple Traversal of UDP through NAT.
STUN - RFC 3489 http://tools.ietf.org/html/rfc3489 Each packet has a 20 byte header followed by 0 or more attribute TLVs.
-
__hdr__
¶ Header fields of STUN.
-
TODO.
-
data
¶
-
len
¶
-
type
¶
-
xid
¶
-
dpkt.tcp module¶
Transmission Control Protocol.
dpkt.telnet module¶
Telnet.
dpkt.tftp module¶
Trivial File Transfer Protocol.
dpkt.tns module¶
Transparent Network Substrate.
dpkt.tpkt module¶
ISO Transport Service on top of the TCP (TPKT).
dpkt.udp module¶
User Datagram Protocol.
dpkt.vrrp module¶
Virtual Router Redundancy Protocol.