API Reference¶
Analyze packet capture format (pcap) files.
Classes¶
PacketAnalyzer¶
-
class
pcap_analysis.PacketAnalyzer(pcap_file)¶ Packet analyzer interface.
Parameters: pcap_file (str) – path to packet capture file (i.e., pcap or`pcapng`) -
arp¶ Address resolution protocol (ARP) analyzer accessor.
-
bootp¶ Bootstrap protocol (BOOTP) analyzer accessor.
-
dhcp¶ Dynamic host configuration protocol (DHCP) analyzer accessor.
-
icmp¶ Internet control message protocol (ICMP) analyzer accessor.
-
Analyzers¶
Access analyzer class instances through the PacketAnalyzer class. They
should not be instantiated directly and used standalone!
ARP¶
-
class
pcap_analysis._analyzers.arp.Arp¶ Address resolution protocol (ARP) analyzer.
-
did_device_arp_for(mac_address, target_ip)¶ Check if the specified device ARPed for the specified target IP address.
Parameters: - mac_address (str) – device MAC address
- target_ip (str) – target IP address
Returns: device sent ARP packet(s)
Return type: bool
-
did_device_receive_response(mac_address, target_ip)¶ Check if the specified device received an ARP reply from the specified target IP address.
If the device received a response, the IP and MAC address are included in the ARP table accessible with the
get_arp_tablemethod.Parameters: - mac_address (str) – device MAC address
- target_ip (str) – target IP address
Returns: device received ARP reply
Return type: bool
-
get_arp_table(mac_address, include_gratuitous=True)¶ Generate a hypothetical ARP table based on network traffic.
Parameters: - mac_address (str) – device MAC address
- include_gratuitous (bool) – include gratuitous ARP entries
Returns: generated ARP table
Return type: dict
Raises: ValueError – specified MAC address not observed in network traffic
-
get_gratuitous_arp_ips(mac_address)¶ Get set of IP address(es) announced via gratuitous ARP for the specified device.
Parameters: mac_address (str) – device MAC address Returns: announced IP addresses Return type: set of str Raises: ValueError – no gratuitous ARP packets sent from specified MAC address
-
get_probed_ips(mac_address)¶ Get set of IP address(es) probed by the specified device.
Parameters: mac_address (str) – device MAC address Returns: probed IP addresses Return type: set of str Raises: ValueError – no probe ARP packets sent from specified MAC address
-
BOOTP¶
-
class
pcap_analysis._analyzers.bootp.Bootp¶ Bootstrap protocol (BOOTP) analyzer.
-
did_client_make_request(mac_address)¶ Check if a device requested an IP address using BOOTP.
Parameters: mac_address (str) – client device MAC address Returns: client made BOOTP request Return type: bool
-
did_client_receive_ip_address(mac_address)¶ Check if a device received an IP address using BOOTP.
Parameters: mac_address (str) – client device MAC address Returns: client received IP address Return type: bool
-
get_received_ip_address(mac_address)¶ Get IP address assigned to device via BOOTP.
Parameters: mac_address (str) – client device MAC address Returns: assigned IP address Return type: str Raises: ValueError – no IP address assigned to specified MAC address
-
DHCP¶
-
class
pcap_analysis._analyzers.dhcp.Dhcp¶ Dynamic host configuration protocol (DHCP) analyzer.
-
did_client_make_request(mac_address)¶ Check if a device requested an IP address using DHCP.
Parameters: mac_address (str) – client device MAC address Returns: client made DHCP request Return type: bool
-
did_client_receive_ip_address(mac_address)¶ Check if a device received an IP address using DHCP.
Parameters: mac_address (str) – client device MAC address Returns: client received IP address Return type: bool
-
get_received_ip_address(mac_address)¶ Get IP address assigned to device via DHCP.
Parameters: mac_address (str) – client device MAC address Returns: assigned IP address Return type: str Raises: ValueError – no IP address assigned to specified MAC address
-
ICMP¶
-
class
pcap_analysis._analyzers.icmp.Icmp¶ Internet control message protocol (ICMP) analyzer.
-
did_device_ping(source_host_ip, target_host_ip)¶ Check if the specified source device pinged the specified target IP address.
Parameters: - source_host_ip (str) – source IP address
- target_host_ip (str) – target IP address
Returns: device pined specified target
Return type: bool
-
get_mean_rtt(source_host_ip, target_host_ip)¶ Calculate average round-trip time for the specified source and target hosts.
Parameters: - source_host_ip (str) – source IP address
- target_host_ip (str) – target IP address
Returns: average round-trip time
Return type: float
-
get_ping_count(source_host_ip, target_host_ip)¶ Count ping requests from source host to target host that received a response.
Parameters: - source_host_ip (str) – source IP address
- target_host_ip (str) – target IP address
Returns: number of ping requests with a corresponding response
Return type: int
-