Class Pcap (modules.processing.network.Pcap)

Reads network data from a PCAP file.

Instance Methods

__init__(self, filepath)
Creates a new instance.

_dns_gethostbyname(self, name)
Get host by name wrapper.

_is_private_ip(self, ip)
Check if the IP belongs to private network blocks.

_add_hosts(self, connection)
Add IPs to the unique list.

_tcp_dissect(self, conn, data)
Runs all TCP dissectors.

_udp_dissect(self, conn, data)
Runs all UDP dissectors.

_check_icmp(self, icmp_data)
Checks for ICMP traffic.

_icmp_dissect(self, conn, data)
Runs all ICMP dissectors.

_check_dns(self, udpdata)
Checks for DNS traffic.

_add_dns(self, udpdata)
Adds a DNS data flow.

_add_domain(self, domain)
Add a domain to the unique list.

_check_http(self, tcpdata)
Checks for HTTP traffic.

_add_http(self, tcpdata, dport)
Adds an HTTP flow.

_reassemble_smtp(self, conn, data)
Reassemble an SMTP flow.

_process_smtp(self)
Process the SMTP flow.

_check_irc(self, tcpdata)
Checks for IRC traffic.

_add_irc(self, tcpdata)
Adds an IRC communication.

run(self)
Process the PCAP file.
Method Details

__init__(self, filepath)
(Constructor)

Creates a new instance.

Parameters:
  • filepath - path to the PCAP file.

_dns_gethostbyname(self, name)

Get host by name wrapper.

Parameters:
  • name - hostname.
Returns:
IP address, or an empty string.

_is_private_ip(self, ip)

Check if the IP belongs to private network blocks.

Parameters:
  • ip - IP address to verify.
Returns:
boolean indicating whether the IP belongs to a private network block.

_add_hosts(self, connection)

Add IPs to the unique list.

Parameters:
  • connection - connection data.

_tcp_dissect(self, conn, data)

Runs all TCP dissectors.

Parameters:
  • conn - connection.
  • data - payload data.

_udp_dissect(self, conn, data)

Runs all UDP dissectors.

Parameters:
  • conn - connection.
  • data - payload data.

_check_icmp(self, icmp_data)

Checks for ICMP traffic.

Parameters:
  • icmp_data - ICMP data flow.

_icmp_dissect(self, conn, data)

Runs all ICMP dissectors.

Parameters:
  • conn - connection.
  • data - payload data.

_check_dns(self, udpdata)

Checks for DNS traffic.

Parameters:
  • udpdata - UDP data flow.

_add_dns(self, udpdata)

Adds a DNS data flow.

Parameters:
  • udpdata - UDP data flow.

_add_domain(self, domain)

Add a domain to the unique list.

Parameters:
  • domain - domain name.

_check_http(self, tcpdata)

Checks for HTTP traffic.

Parameters:
  • tcpdata - TCP data flow.

_add_http(self, tcpdata, dport)

Adds an HTTP flow.

Parameters:
  • tcpdata - TCP data flow.
  • dport - destination port.

_reassemble_smtp(self, conn, data)

Reassemble an SMTP flow.

Parameters:
  • conn - connection dict.
  • data - raw data.

_check_irc(self, tcpdata)

Checks for IRC traffic.

Parameters:
  • tcpdata - TCP data flow.

_add_irc(self, tcpdata)

Adds an IRC communication.

Parameters:
  • tcpdata - TCP data flow.
  • dport - destination port.

run(self)

Process the PCAP file.

Returns:
dict with network analysis data.