dpkt

dpkt is a python module for fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols

Getting Started

Installation

DKPT is now available directly from pypi :)

Install the Code

pip install dpkt

Checkout the Code

git clone https://github.com/kbandla/dpkt.git

Examples

Examples in dpkt/examples

Print Packets Example

This example uses DPKT to read in a pcap file and print out the contents of the packets This example is focused on the fields in the Ethernet Frame and IP packet

Code Excerpt

# For each packet in the pcap process the contents
for timestamp, buf in pcap:

    # Print out the timestamp in UTC
    print 'Timestamp: ', str(datetime.datetime.utcfromtimestamp(timestamp))

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)
    print 'Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type

    # Make sure the Ethernet frame contains an IP packet
    if not isinstance(eth.data, dpkt.ip.IP):
        print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__
        continue

    # Now unpack the data within the Ethernet frame (the IP packet)
    # Pulling out src, dst, length, fragment info, TTL, and Protocol
    ip = eth.data

    # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
    do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
    more_fragments = bool(ip.off & dpkt.ip.IP_MF)
    fragment_offset = ip.off & dpkt.ip.IP_OFFMASK

    # Print out the info
    print 'IP: %s -> %s   (len=%d ttl=%d DF=%d MF=%d offset=%d)\n' % \
          (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset)

Example Output

Timestamp:  2004-05-13 10:17:07.311224
Ethernet Frame:  00:00:01:00:00:00 fe:ff:20:00:01:00 2048
IP: 145.254.160.237 -> 65.208.228.223   (len=48 ttl=128 DF=1 MF=0 offset=0)

Timestamp:  2004-05-13 10:17:08.222534
Ethernet Frame:  fe:ff:20:00:01:00 00:00:01:00:00:00 2048
IP: 65.208.228.223 -> 145.254.160.237   (len=48 ttl=47 DF=1 MF=0 offset=0)

...

dpkt/examples/print_packets.py

Use DPKT to read in a pcap file and print out the contents of the packets This example is focused on the fields in the Ethernet Frame and IP packet

examples.print_packets.mac_addr(address)

Convert a MAC address to a readable/printable string

Parameters:address (str) – a MAC address in hex form (e.g. ‘
’) Returns:Printable/readable MAC address Return type:str

examples.print_packets.inet_to_str(inet)

Convert inet object to a string

Parameters:inet (inet struct) – inet network address Returns:Printable/readable IP address Return type:str

examples.print_packets.print_packets(pcap)

Print out information about each packet in a pcap

Parameters:pcap – dpkt pcap reader object (dpkt.pcap.Reader)

examples.print_packets.test()

Open up a test pcap file and print out the packets

Print ICMP Example

This example expands on the print_packets example. It checks for ICMP packets and displays the ICMP contents.

Code Excerpt

# For each packet in the pcap process the contents
for timestamp, buf in pcap:

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)

    # Make sure the Ethernet data contains an IP packet
    if not isinstance(eth.data, dpkt.ip.IP):
        print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__
        continue

    # Now grab the data within the Ethernet frame (the IP packet)
    ip = eth.data

    # Now check if this is an ICMP packet
    if isinstance(ip.data, dpkt.icmp.ICMP):
        icmp = ip.data

        # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
        do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
        more_fragments = bool(ip.off & dpkt.ip.IP_MF)
        fragment_offset = ip.off & dpkt.ip.IP_OFFMASK

        # Print out the info
        print 'Timestamp: ', str(datetime.datetime.utcfromtimestamp(timestamp))
        print 'Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type
        print 'IP: %s -> %s   (len=%d ttl=%d DF=%d MF=%d offset=%d)' % \
              (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset)
        print 'ICMP: type:%d code:%d checksum:%d data: %s\n' % (icmp.type, icmp.code, icmp.sum, repr(icmp.data))

Example Output

Timestamp:  2013-05-30 22:45:17.283187
Ethernet Frame:  60:33:4b:13:c5:58 02:1a:11:f0:c8:3b 2048
IP: 192.168.43.9 -> 8.8.8.8   (len=84 ttl=64 DF=0 MF=0 offset=0)
ICMP: type:8 code:0 checksum:48051 data: Echo(id=55099, data='Q\xa7\xd6}\x00\x04Q\xe4\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567')

Timestamp:  2013-05-30 22:45:17.775391
Ethernet Frame:  02:1a:11:f0:c8:3b 60:33:4b:13:c5:58 2048
IP: 8.8.8.8 -> 192.168.43.9   (len=84 ttl=40 DF=0 MF=0 offset=0)
ICMP: type:0 code:0 checksum:50099 data: Echo(id=55099, data='Q\xa7\xd6}\x00\x04Q\xe4\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567')

...

dpkt/examples/print_icmp.py

This example expands on the print_packets example. It checks for ICMP packets and displays the ICMP contents.

examples.print_icmp.mac_addr(address)

Convert a MAC address to a readable/printable string

Parameters:address (str) – a MAC address in hex form (e.g. ‘
’) Returns:Printable/readable MAC address Return type:str

examples.print_icmp.inet_to_str(inet)

Convert inet object to a string

Parameters:inet (inet struct) – inet network address Returns:Printable/readable IP address Return type:str

examples.print_icmp.print_icmp(pcap)

Print out information about each packet in a pcap

Parameters:pcap – dpkt pcap reader object (dpkt.pcap.Reader)

examples.print_icmp.test()

Open up a test pcap file and print out the packets

Print HTTP Requests Example

This example expands on the print_packets example. It checks for HTTP request headers and displays their contents.

NOTE: We are not reconstructing ‘flows’ so the request (and response if you tried to parse it) will only parse correctly if they fit within a single packet. Requests can often fit in a single packet but Responses almost never will. For proper reconstruction of flows you may want to look at other projects that use DPKT (http://chains.readthedocs.io and others)

Code Excerpt

# For each packet in the pcap process the contents
for timestamp, buf in pcap:

    # Unpack the Ethernet frame (mac src/dst, ethertype)
    eth = dpkt.ethernet.Ethernet(buf)

    # Make sure the Ethernet data contains an IP packet
    if not isinstance(eth.data, dpkt.ip.IP):
        print 'Non IP Packet type not supported %s\n' % eth.data.__class__.__name__
        continue

    # Now grab the data within the Ethernet frame (the IP packet)
    ip = eth.data

    # Check for TCP in the transport layer
    if isinstance(ip.data, dpkt.tcp.TCP):

        # Set the TCP data
        tcp = ip.data

        # Now see if we can parse the contents as a HTTP request
        try:
            request = dpkt.http.Request(tcp.data)
        except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
            continue

        # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
        do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
        more_fragments = bool(ip.off & dpkt.ip.IP_MF)
        fragment_offset = ip.off & dpkt.ip.IP_OFFMASK

        # Print out the info
        print 'Timestamp: ', str(datetime.datetime.utcfromtimestamp(timestamp))
        print 'Ethernet Frame: ', mac_addr(eth.src), mac_addr(eth.dst), eth.type
        print 'IP: %s -> %s   (len=%d ttl=%d DF=%d MF=%d offset=%d)' % \
              (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment, more_fragments, fragment_offset)
        print 'HTTP request: %s\n' % repr(request)

Example Output

Timestamp:  2004-05-13 10:17:08.222534
Ethernet Frame:  00:00:01:00:00:00 fe:ff:20:00:01:00 2048
IP: 145.254.160.237 -> 65.208.228.223   (len=519 ttl=128 DF=1 MF=0 offset=0)
HTTP request: Request(body='', uri='/download.html', headers={'accept-language': 'en-us,en;q=0.5', 'accept-encoding': 'gzip,deflate', 'connection': 'keep-alive', 'keep-alive': '300', 'accept': 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1', 'user-agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113', 'accept-charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'host': 'www.ethereal.com', 'referer': 'http://www.ethereal.com/development.html'}, version='1.1', data='', method='GET')

Timestamp:  2004-05-13 10:17:10.295515
Ethernet Frame:  00:00:01:00:00:00 fe:ff:20:00:01:00 2048
IP: 145.254.160.237 -> 216.239.59.99   (len=761 ttl=128 DF=1 MF=0 offset=0)
HTTP request: Request(body='', uri='/pagead/ads?client=ca-pub-2309191948673629&random=1084443430285&lmt=1082467020&format=468x60_as&output=html&url=http%3A%2F%2Fwww.ethereal.com%2Fdownload.html&color_bg=FFFFFF&color_text=333333&color_link=000000&color_url=666633&color_border=666633', headers={'accept-language': 'en-us,en;q=0.5', 'accept-encoding': 'gzip,deflate', 'connection': 'keep-alive', 'keep-alive': '300', 'accept': 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1', 'user-agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113', 'accept-charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'host': 'pagead2.googlesyndication.com', 'referer': 'http://www.ethereal.com/download.html'}, version='1.1', data='', method='GET')

...

dpkt/examples/print_http_requests.py

This example expands on the print_packets example. It checks for HTTP request headers and displays their contents. NOTE: We are not reconstructing ‘flows’ so the request (and response if you tried to parse it) will only

parse correctly if they fit within a single packet. Requests can often fit in a single packet but Responses almost never will. For proper reconstruction of flows you may want to look at other projects that use DPKT (http://chains.readthedocs.io and others)

examples.print_http_requests.mac_addr(address)

Convert a MAC address to a readable/printable string

Parameters:address (str) – a MAC address in hex form (e.g. ‘
’) Returns:Printable/readable MAC address Return type:str

examples.print_http_requests.inet_to_str(inet)

Convert inet object to a string

Parameters:inet (inet struct) – inet network address Returns:Printable/readable IP address Return type:str

examples.print_http_requests.print_http_requests(pcap)

Print out information about each packet in a pcap

Parameters:pcap – dpkt pcap reader object (dpkt.pcap.Reader)

examples.print_http_requests.test()

Open up a test pcap file and print out the packets

Jon Oberheide’s Examples

[@jonoberheide’s](https://twitter.com/jonoberheide) old examples still apply:

• dpkt Tutorial #1: ICMP Echo
• dpkt Tutorial #2: Parsing a PCAP File
• dpkt Tutorial #3: dns spoofing
• dpkt Tutorial #4: AS Paths from MRT/BGP

Jeff Silverman Docs/Code

Jeff Silverman has some code and documentation.

API Reference

API Reference

The dpkt API reference section is currently a work in progress, please have patience as we fill in and improve the documentation.

dpkt Modules

dpkt.ah module

Authentication Header.

class dpkt.ah.AH(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Authentication Header.

TODO: Longer class information….

__hdr__

Header fields of AH.

auth

Authentication body.

data

Message data.

auth = ''

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

nxt

rsvd

seq

spi

dpkt.aim module

AOL Instant Messenger.

class dpkt.aim.FLAP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Frame Layer Protocol.

See more about the FLAP on https://en.wikipedia.org/wiki/OSCAR_protocol#FLAP_header

__hdr__

Header fields of FLAP.

data

Message data.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

ast

data

len

seq

type

class dpkt.aim.SNAC(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Simple Network Atomic Communication.

See more about the SNAC on https://en.wikipedia.org/wiki/OSCAR_protocol#SNAC_data

__hdr__

Header fields of SNAC.

data

family

flags

reqid

subtype

dpkt.aim.tlv(buf)

dpkt.aim.testAIM()

dpkt.aim.testExceptions()

dpkt.aoe module

ATA over Ethernet Protocol.

class dpkt.aoe.AOE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ATA over Ethernet Protocol.

See more about the AOE on https://en.wikipedia.org/wiki/ATA_over_Ethernet

__hdr__

Header fields of AOE.

data

Message data.

ver

fl

classmethod set_cmd(cmd, pktclass)

classmethod get_cmd(cmd)

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

cmd

data

err

maj

min

tag

ver_fl

dpkt.aoeata module

ATA over Ethernet ATA command

class dpkt.aoeata.AOEATA(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ATA over Ethernet ATA command.

See more about the AOEATA on https://en.wikipedia.org/wiki/ATA_over_Ethernet

__hdr__

Header fields of AOEATA.

data

Message data.

aflags

cmdstat

data

errfeat

lba0

lba1

lba2

lba3

lba4

lba5

res

scnt

dpkt.aoeata.test_aoeata()

dpkt.aoecfg module

ATA over Ethernet ATA command

class dpkt.aoecfg.AOECFG(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ATA over Ethernet ATA command.

See more about the AOE on https://en.wikipedia.org/wiki/ATA_over_Ethernet

__hdr__

Header fields of AOECFG.

data

Message data.

aoeccmd

bufcnt

cslen

data

fwver

scnt

dpkt.aoecfg.test_aoecfg()

dpkt.arp module

Address Resolution Protocol.

class dpkt.arp.ARP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Address Resolution Protocol.

See more about the ARP on https://en.wikipedia.org/wiki/Address_Resolution_Protocol

__hdr__

Header fields of ARP.

data

hln

hrd

op

pln

pro

sha

spa

tha

tpa

dpkt.asn1 module

Abstract Syntax Notation #1.

dpkt.asn1.utctime(buf)

Convert ASN.1 UTCTime string to UTC float.

TODO: Long description here.

Parameters:buf – A buffer with format “yymnddhhmm” Returns:A floating point number, indicates seconds since the Epoch.

dpkt.asn1.decode(buf)

Sleazy ASN.1 decoder.

TODO: Long description here.

Parameters:buf – A buffer with Sleazy ASN.1 data. Returns:A list of (id, value) tuples from ASN.1 BER/DER encoded buffer. Raises:UnpackError – An error occurred the ASN.1 length exceed.

dpkt.asn1.test_asn1()

dpkt.bgp module

Border Gateway Protocol.

class dpkt.bgp.BGP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Border Gateway Protocol.

BGP is an inter-AS routing protocol. See more about the BGP on https://en.wikipedia.org/wiki/Border_Gateway_Protocol

__hdr__

Header fields of BGP.

#TODO

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Open(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Parameter(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Authentication(*args, **kwargs)

Bases: dpkt.dpkt.Packet

code

data

class Capability(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

code

data

len

data

len

type

asn

data

holdtime

identifier

param_len

v

class Update(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Attribute(*args, **kwargs)

Bases: dpkt.dpkt.Packet

optional

transitive

partial

extended_length

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Origin(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

type

class ASPath(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class ASPathSegment(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

type

class NextHop(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

ip

class MultiExitDisc(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

value

class LocalPref(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

value

class AtomicAggregate(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Aggregator(*args, **kwargs)

Bases: dpkt.dpkt.Packet

asn

data

ip

class Communities(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Community(*args, **kwargs)

Bases: dpkt.dpkt.Packet

asn

data

value

class ReservedCommunity(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

value

class OriginatorID(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

value

class ClusterList(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class MPReachNLRI(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class SNPA

Bases: object

unpack(buf)

afi

data

safi

class MPUnreachNLRI(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

afi

data

safi

data

flags

type

class Notification(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

code

data

subcode

class Keepalive(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class RouteRefresh(*args, **kwargs)

Bases: dpkt.dpkt.Packet

afi

data

rsvd

safi

data

len

marker

type

class dpkt.bgp.RouteGeneric(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

class dpkt.bgp.RouteIPV4(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

class dpkt.bgp.RouteIPV6(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

class dpkt.bgp.RouteEVPN(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

type

dpkt.bgp.test_pack()

dpkt.bgp.test_unpack()

dpkt.cdp module

Cisco Discovery Protocol.

class dpkt.cdp.CDP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Cisco Discovery Protocol.

See more about the BGP on https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol

__hdr__

Header fields of CDP.

#TODO

class Address(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

alen

data

p

plen

ptype

class TLV(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

type

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

sum

ttl

version

dpkt.crc32c module

dpkt.crc32c.add(crc, buf)

dpkt.crc32c.done(crc)

dpkt.crc32c.cksum(buf)

Return computed CRC-32c checksum.

dpkt.crc32c.test_crc32c()

dpkt.decorators module

dpkt.decorators.decorator_with_args(decorator_to_enhance)

This is decorator for decorator. It allows any decorator to get additional arguments

dpkt.decorators.deprecated(*args, **kwargs)

class dpkt.decorators.TestDeprecatedDecorator

Bases: object

new_method()

old_method(**kwargs)

deprecated_decorator(**kwargs)

test_deprecated_decorator()

dpkt.dhcp module

Dynamic Host Configuration Protocol.

class dpkt.dhcp.DHCP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Dynamic Host Configuration Protocol.

TODO: Longer class information….

__hdr__

Header fields of DHCP.

TODO.

opts = ((53, '\x01'), (55, '2\x03\x01\x06'))

pack_opts()

Return packed options string.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

chaddr

ciaddr

data

file

flags

giaddr

hln

hops

hrd

magic

op

secs

siaddr

sname

xid

yiaddr

dpkt.dhcp.test_dhcp()

dpkt.diameter module

Diameter.

class dpkt.diameter.Diameter(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Diameter.

TODO: Longer class information….

__hdr__

Header fields of Diameter.

TODO.

request_flag

proxiable_flag

error_flag

retransmit_flag

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

app_id

cmd

data

end_id

flags

hop_id

len

v

class dpkt.diameter.AVP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

vendor_flag

mandatory_flag

protected_flag

code

data

flags

len

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

dpkt.diameter.test_pack()

dpkt.diameter.test_unpack()

dpkt.dns module

Domain Name System.

dpkt.dns.pack_name(name, off, label_ptrs)

dpkt.dns.unpack_name(buf, off)

class dpkt.dns.DNS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Domain Name System.

TODO: Longer class information….

__hdr__

Header fields of DNS.

TODO.

qr

opcode

aa

tc

rd

ra

zero

rcode

class Q(*args, **kwargs)

Bases: dpkt.dpkt.Packet

DNS question.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

cls

data

name

type

class RR(*args, **kwargs)

Bases: dpkt.dns.Q

DNS resource record.

pack_rdata(off, label_ptrs)

unpack_rdata(buf, off)

cls

data

name

rdata

rlen

ttl

type

pack_q(buf, q)

Append packed DNS question and return buf.

unpack_q(buf, off)

Return DNS question and new offset.

pack_rr(buf, rr)

Append packed DNS RR and return buf.

unpack_rr(buf, off)

Return DNS RR and new offset.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

an

ar

data

id

ns

op

qd

dpkt.dns.test_basic()

dpkt.dns.test_PTR()

dpkt.dns.test_OPT()

dpkt.dns.test_pack_name()

dpkt.dns.test_random_data()

dpkt.dns.test_circular_pointers()

dpkt.dns.test_very_long_name()

dpkt.dns.test_null_response()

dpkt.dns.test_txt_response()

dpkt.dns.test_rdata_TXT()

dpkt.dns.test_rdata_HINFO()

dpkt.dns.test_dns_len()

dpkt.dpkt module

Simple packet creation and parsing.

exception dpkt.dpkt.Error

Bases: exceptions.Exception

exception dpkt.dpkt.UnpackError

Bases: dpkt.dpkt.Error

exception dpkt.dpkt.NeedData

Bases: dpkt.dpkt.UnpackError

exception dpkt.dpkt.PackError

Bases: dpkt.dpkt.Error

class dpkt.dpkt.Packet(*args, **kwargs)

Bases: dpkt.dpkt.Temp

Base packet class, with metaclass magic to generate members from self.__hdr__.

__hdr__

Packet header should be defined as a list of (name, structfmt, default) tuples.

__byte_order__

Byte order, can be set to override the default (‘>’)

Example: >>> class Foo(Packet): … __hdr__ = ((‘foo’, ‘I’, 1), (‘bar’, ‘H’, 2), (‘baz’, ‘4s’, ‘quux’)) … >>> foo = Foo(bar=3) >>> foo Foo(bar=3) >>> str(foo) ‘
quux’ >>> foo.bar 3 >>> foo.baz ‘quux’ >>> foo.foo = 7 >>> foo.baz = ‘whee’ >>> foo Foo(baz=’whee’, foo=7, bar=3) >>> Foo(‘hello, world!’) Foo(baz=’ wor’, foo=1751477356L, bar=28460, data=’ld!’)

pack_hdr()

Return packed header string.

pack()

Return packed header + self.data string.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

dpkt.dpkt.hexdump(buf, length=16)

Return a hexdump output string of the given buffer.

dpkt.dpkt.in_cksum_add(s, buf)

dpkt.dpkt.in_cksum_done(s)

dpkt.dpkt.in_cksum(buf)

Return computed Internet checksum.

dpkt.dpkt.test_utils()

dpkt.dtp module

Dynamic Trunking Protocol.

class dpkt.dtp.DTP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Dynamic Trunking Protocol.

TODO: Longer class information….

__hdr__

Header fields of DTP.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

v

dpkt.esp module

Encapsulated Security Protocol.

class dpkt.esp.ESP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Encapsulated Security Protocol.

TODO: Longer class information….

__hdr__

Header fields of ESP.

TODO.

data

seq

spi

dpkt.ethernet module

Ethernet II, LLC (802.3+802.2), LLC/SNAP, and Novell raw 802.3, with automatic 802.1q, MPLS, PPPoE, and Cisco ISL decapsulation.

dpkt.ethernet.isstr(s)

class dpkt.ethernet.Ethernet(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Ethernet.

Ethernet II, LLC (802.3+802.2), LLC/SNAP, and Novell raw 802.3, with automatic 802.1q, MPLS, PPPoE, and Cisco ISL decapsulation.

__hdr__

Header fields of Ethernet.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

classmethod set_type(t, pktclass)

classmethod get_type(t)

classmethod get_type_rev(k)

data

dst

src

type

class dpkt.ethernet.MPLSlabel(*args, **kwargs)

Bases: dpkt.dpkt.Packet

A single entry in MPLS label stack

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

as_tuple()

data

class dpkt.ethernet.VLANtag8021Q(*args, **kwargs)

Bases: dpkt.dpkt.Packet

IEEE 802.1q VLAN tag

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

as_tuple()

data

type

class dpkt.ethernet.VLANtagISL(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Cisco Inter-Switch Link VLAN tag

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

da

data

hsa

indx

len

res

sa

snap

dpkt.ethernet.test_eth()

dpkt.ethernet.test_eth_init_with_data()

dpkt.ethernet.test_mpls_label()

dpkt.ethernet.test_802dot1q_tag()

dpkt.ethernet.test_isl_tag()

dpkt.ethernet.test_eth_802dot1q()

dpkt.ethernet.test_eth_802dot1q_stacked()

dpkt.ethernet.test_eth_mpls_stacked()

dpkt.ethernet.test_isl_eth_llc_stp()

dpkt.ethernet.test_eth_llc_snap_cdp()

dpkt.ethernet.test_eth_llc_ipx()

dpkt.ethernet.test_eth_pppoe()

dpkt.ethernet.test_eth_2mpls_ecw_eth_llc_stp()

dpkt.ethernet.test_eth_802dot1ad_802dot1q_ip()

dpkt.gre module

Generic Routing Encapsulation.

class dpkt.gre.GRE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Generic Routing Encapsulation.

TODO: Longer class information….

__hdr__

Header fields of GRE.

TODO.

sre = ()

v

recur

class SRE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

family

len

off

opt_fields_fmts()

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

flags

p

dpkt.gre.test_gre_v1()

dpkt.gre.test_gre_len()

dpkt.gzip module

GNU zip.

class dpkt.gzip.GzipExtra(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

id

len

class dpkt.gzip.Gzip(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

compress()

Compress self.data.

decompress()

Return decompressed payload.

comment

data

extra

filename

flags

magic

method

mtime

os

xflags

class dpkt.gzip.TestGzip

Bases: object

This data is created with the gzip command line tool

classmethod setup_class()

test_method()

test_flags()

test_mtime()

test_xflags()

test_os()

test_filename()

test_decompress()

dpkt.h225 module

ITU-T H.225.0 Call Signaling.

class dpkt.h225.H225(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ITU-T H.225.0 Call Signaling.

TODO: Longer class information….

__hdr__

Header fields of H225.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class IE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

type

data

proto

ref_len

dpkt.h225.test_pack()

dpkt.h225.test_unpack()

dpkt.hsrp module

Cisco Hot Standby Router Protocol.

class dpkt.hsrp.HSRP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Cisco Hot Standby Router Protocol.

TODO: Longer class information….

__hdr__

Header fields of HSRP.

TODO.

auth

data

group

hello

hold

opcode

priority

rsvd

state

version

vip

dpkt.http module

Hypertext Transfer Protocol.

dpkt.http.parse_headers(f)

Return dict of HTTP headers parsed from a file object.

dpkt.http.parse_body(f, headers)

Return HTTP body parsed from a file object, given HTTP header dict.

class dpkt.http.Message(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Hypertext Transfer Protocol headers + body.

TODO: Longer class information….

__hdr__

Header fields of HTTP.

TODO.

headers = None

body = None

unpack(buf, is_body_allowed=True)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

class dpkt.http.Request(*args, **kwargs)

Bases: dpkt.http.Message

Hypertext Transfer Protocol Request.

TODO: Longer class information….

__hdr__

Header fields of HTTP request.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class dpkt.http.Response(*args, **kwargs)

Bases: dpkt.http.Message

Hypertext Transfer Protocol Response.

TODO: Longer class information….

__hdr__

Header fields of HTTP Response.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

dpkt.http.test_parse_request()

dpkt.http.test_format_request()

dpkt.http.test_chunked_response()

dpkt.http.test_multicookie_response()

dpkt.http.test_noreason_response()

dpkt.http.test_response_with_body()

dpkt.http.test_body_forbidden_response()

dpkt.http.test_request_version()

dpkt.http.test_invalid_header()

dpkt.http.test_gzip_response()

dpkt.icmp module

Internet Control Message Protocol.

class dpkt.icmp.ICMP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internet Control Message Protocol.

TODO: Longer class information….

__hdr__

Header fields of ICMP.

TODO.

class Echo(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

id

seq

class Quote(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

pad

class Unreach(*args, **kwargs)

Bases: dpkt.icmp.Quote

data

mtu

pad

class Quench(*args, **kwargs)

Bases: dpkt.icmp.Quote

data

pad

class Redirect(*args, **kwargs)

Bases: dpkt.icmp.Quote

data

gw

class ParamProbe(*args, **kwargs)

Bases: dpkt.icmp.Quote

data

pad1

pad2

ptr

class TimeExceed(*args, **kwargs)

Bases: dpkt.icmp.Quote

data

pad

unpack(buf)

Unpack packet header fields from buf, and set self.data.

code

data

sum

type

dpkt.icmp.test_icmp()

dpkt.icmp6 module

Internet Control Message Protocol for IPv6.

class dpkt.icmp6.ICMP6(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internet Control Message Protocol for IPv6.

TODO: Longer class information….

__hdr__

Header fields of ICMPv6.

TODO.

class Error(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

pad

class Unreach(*args, **kwargs)

Bases: dpkt.icmp6.Error

data

pad

class TooBig(*args, **kwargs)

Bases: dpkt.icmp6.Error

data

mtu

class TimeExceed(*args, **kwargs)

Bases: dpkt.icmp6.Error

data

pad

class ParamProb(*args, **kwargs)

Bases: dpkt.icmp6.Error

data

ptr

class Echo(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

id

seq

unpack(buf)

Unpack packet header fields from buf, and set self.data.

code

data

sum

type

dpkt.ieee80211 module

IEEE 802.11.

class dpkt.ieee80211.IEEE80211(*args, **kwargs)

Bases: dpkt.dpkt.Packet

IEEE 802.11.

TODO: Longer class information….

__hdr__

Header fields of IEEE802.11.

TODO.

version

type

subtype

to_ds

from_ds

more_frag

retry

pwr_mgt

more_data

wep

order

unpack_ies(buf)

class Capability(field)

Bases: object

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class BlockAckReq(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ctl

data

dst

seq

src

class BlockAck(*args, **kwargs)

Bases: dpkt.dpkt.Packet

compressed

ack_policy

multi_tid

tid

unpack(buf)

Unpack packet header fields from buf, and set self.data.

ctl

data

dst

seq

src

class RTS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst

src

class CTS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst

class ACK(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst

class CFEnd(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst

src

class MGMT_Frame(*args, **kwargs)

Bases: dpkt.dpkt.Packet

bssid

data

dst

frag_seq

src

class Beacon(*args, **kwargs)

Bases: dpkt.dpkt.Packet

capability

data

interval

timestamp

class Disassoc(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

reason

class Assoc_Req(*args, **kwargs)

Bases: dpkt.dpkt.Packet

capability

data

interval

class Assoc_Resp(*args, **kwargs)

Bases: dpkt.dpkt.Packet

aid

capability

data

status

class Reassoc_Req(*args, **kwargs)

Bases: dpkt.dpkt.Packet

capability

current_ap

data

interval

class Auth(*args, **kwargs)

Bases: dpkt.dpkt.Packet

algorithm

auth_seq

data

class Deauth(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

reason

class Action(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

category

code

data

class BlockAckActionRequest(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dialog

parameters

starting_seq

timeout

class BlockAckActionResponse(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dialog

parameters

status_code

timeout

class Data(*args, **kwargs)

Bases: dpkt.dpkt.Packet

bssid

data

dst

frag_seq

src

class DataFromDS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

bssid

data

dst

frag_seq

src

class DataToDS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

bssid

data

dst

frag_seq

src

class DataInterDS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

da

data

dst

frag_seq

sa

src

class QoS_Data(*args, **kwargs)

Bases: dpkt.dpkt.Packet

control

data

class IE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

id

len

class FH(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

hopindex

hoppattern

hopset

id

len

tu

class DS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ch

data

id

len

class CF(*args, **kwargs)

Bases: dpkt.dpkt.Packet

count

data

dur

id

len

max

period

data

duration

framectl

class TIM(*args, **kwargs)

Bases: dpkt.dpkt.Packet

count

ctrl

data

id

len

period

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class IBSS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

atim

data

id

len

dpkt.ieee80211.test_802211_ack()

dpkt.ieee80211.test_80211_beacon()

dpkt.ieee80211.test_80211_data()

dpkt.ieee80211.test_80211_data_qos()

dpkt.ieee80211.test_bug()

dpkt.ieee80211.test_data_ds()

dpkt.ieee80211.test_compressed_block_ack()

dpkt.ieee80211.test_action_block_ack_request()

dpkt.ieee80211.test_action_block_ack_response()

dpkt.igmp module

Internet Group Management Protocol.

class dpkt.igmp.IGMP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internet Group Management Protocol.

TODO: Longer class information….

__hdr__

Header fields of IGMP.

TODO.

data

group

maxresp

sum

type

dpkt.ip module

Internet Protocol.

class dpkt.ip.IP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internet Protocol.

TODO: Longer class information….

__hdr__

Header fields of IP.

TODO.

opts = ''

len

v

hl

rf

df

mf

offset

unpack(buf)

Unpack packet header fields from buf, and set self.data.

classmethod set_proto(p, pktclass)

classmethod get_proto(p)

data

dst

id

off

p

src

sum

tos

ttl

dpkt.ip.test_ip()

dpkt.ip.test_hl()

dpkt.ip.test_opt()

dpkt.ip.test_zerolen()

dpkt.ip.test_constuctor()

dpkt.ip.test_frag()

dpkt.ip6 module

Internet Protocol, version 6.

class dpkt.ip6.IP6(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internet Protocol, version 6.

TODO: Longer class information….

__hdr__

Header fields of IPv6.

TODO.

v

fc

flow

unpack(buf)

Unpack packet header fields from buf, and set self.data.

headers_str()

classmethod set_proto(p, pktclass)

classmethod get_proto(p)

data

dst

hlim

nxt

plen

src

class dpkt.ip6.IP6ExtensionHeader(*args, **kwargs)

Bases: dpkt.dpkt.Packet

An extension header is very similar to a ‘sub-packet’. We just want to re-use all the hdr unpacking etc.

class dpkt.ip6.IP6OptsHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6ExtensionHeader

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

nxt

class dpkt.ip6.IP6HopOptsHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6OptsHeader

data

len

nxt

class dpkt.ip6.IP6DstOptsHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6OptsHeader

data

len

nxt

class dpkt.ip6.IP6RoutingHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6ExtensionHeader

sl_bits

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

nxt

rsvd_sl_bits

segs_left

type

class dpkt.ip6.IP6FragmentHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6ExtensionHeader

unpack(buf)

Unpack packet header fields from buf, and set self.data.

frag_off

m_flag

data

frag_off_resv_m

id

nxt

resv

class dpkt.ip6.IP6AHHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6ExtensionHeader

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

nxt

resv

seq

spi

class dpkt.ip6.IP6ESPHeader(*args, **kwargs)

Bases: dpkt.ip6.IP6ExtensionHeader

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

seq

spi

dpkt.ip6.test_ipg()

dpkt.ip6.test_ip6_routing_header()

dpkt.ip6.test_ip6_fragment_header()

dpkt.ip6.test_ip6_options_header()

dpkt.ip6.test_ip6_ah_header()

dpkt.ip6.test_ip6_esp_header()

dpkt.ip6.test_ip6_extension_headers()

dpkt.ip6.test_ip6_all_extension_headers()

dpkt.ipx module

Internetwork Packet Exchange.

class dpkt.ipx.IPX(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Internetwork Packet Exchange.

TODO: Longer class information….

__hdr__

Header fields of IPX.

TODO.

data

dst

len

pt

src

sum

tc

dpkt.llc module

class dpkt.llc.LLC(*args, **kwargs)

Bases: dpkt.dpkt.Packet

802.2 Logical Link Control (LLC) data communication protocol.

__hdr__ = (

(‘dsap’, ‘B’, 0xaa), # Destination Service Access Point (‘ssap’, ‘B’, 0xaa), # Source Service Access Point (‘ctl’, ‘B’, 3) # Control Byte

)

is_snap

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

ctl

data

dsap

ssap

dpkt.llc.test_llc()

dpkt.loopback module

Platform-dependent loopback header.

class dpkt.loopback.Loopback(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Platform-dependent loopback header.

TODO: Longer class information….

__hdr__

Header fields of Loopback.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

family

dpkt.mrt module

Multi-threaded Routing Toolkit.

class dpkt.mrt.MRTHeader(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

len

subtype

ts

type

class dpkt.mrt.TableDump(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

attr_len

data

originated_ts

peer_as

peer_ip

prefix

prefix_len

seq

status

view

class dpkt.mrt.BGP4MPMessage(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst_as

dst_ip

family

intf

src_as

src_ip

class dpkt.mrt.BGP4MPMessage_32(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dst_as

dst_ip

family

intf

src_as

src_ip

dpkt.netbios module

Network Basic Input/Output System.

dpkt.netbios.encode_name(name)

Return the NetBIOS first-level encoded name.

dpkt.netbios.decode_name(nbname)

Return the NetBIOS first-level decoded nbname.

dpkt.netbios.node_to_service_name(name_service_flags)

class dpkt.netbios.NS(*args, **kwargs)

Bases: dpkt.dns.DNS

NetBIOS Name Service.

class Q(*args, **kwargs)

Bases: dpkt.dns.Q

cls

data

name

type

class RR(*args, **kwargs)

Bases: dpkt.dns.RR

NetBIOS resource record.

unpack_rdata(buf, off)

cls

data

name

rdata

rlen

ttl

type

pack_name(buf, name)

unpack_name(buf, off)

an

ar

data

id

ns

op

qd

class dpkt.netbios.Session(*args, **kwargs)

Bases: dpkt.dpkt.Packet

NetBIOS Session Service.

data

flags

len

type

class dpkt.netbios.Datagram(*args, **kwargs)

Bases: dpkt.dpkt.Packet

NetBIOS Datagram Service.

data

flags

id

len

off

sport

src

type

dpkt.netflow module

Cisco Netflow.

class dpkt.netflow.NetflowBase(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Base class for Cisco Netflow packets.

TODO: Longer class information….

__hdr__

Header fields of NetflowBase.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class NetflowRecordBase(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Base class for netflow v1-v7 netflow records.

TODO: Longer class information….

__hdr__

Header fields of NetflowRecordBase.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

count

data

sys_uptime

unix_nsec

unix_sec

version

class dpkt.netflow.Netflow1(*args, **kwargs)

Bases: dpkt.netflow.NetflowBase

Netflow Version 1.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 1.

TODO.

class NetflowRecord(*args, **kwargs)

Bases: dpkt.netflow.NetflowRecordBase

Netflow v1 flow record.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 1 flow record.

TODO.

bytes_sent

data

dst_addr

dst_port

end_time

input_iface

ip_proto

next_hop

output_iface

pad1

pad2

pad3

pkts_sent

reserved

src_addr

src_port

start_time

tcp_flags

tos

count

data

sys_uptime

unix_nsec

unix_sec

version

class dpkt.netflow.Netflow5(*args, **kwargs)

Bases: dpkt.netflow.NetflowBase

Netflow Version 5.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 5.

TODO.

class NetflowRecord(*args, **kwargs)

Bases: dpkt.netflow.NetflowRecordBase

Netflow v5 flow record.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 5 flow record.

TODO.

bytes_sent

data

dst_addr

dst_as

dst_mask

dst_port

end_time

input_iface

ip_proto

next_hop

output_iface

pad1

pad2

pkts_sent

src_addr

src_as

src_mask

src_port

start_time

tcp_flags

tos

count

data

engine_id

engine_type

flow_sequence

reserved

sys_uptime

unix_nsec

unix_sec

version

class dpkt.netflow.Netflow6(*args, **kwargs)

Bases: dpkt.netflow.NetflowBase

Netflow Version 6.

XXX - unsupported by Cisco, but may be found in the field. TODO: Longer class information….

__hdr__

Header fields of Netflow Version 6.

TODO.

class NetflowRecord(*args, **kwargs)

Bases: dpkt.netflow.NetflowRecordBase

Netflow v6 flow record.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 6 flow record.

TODO.

bytes_sent

data

dst_addr

dst_as

dst_mask

dst_port

end_time

in_encaps

input_iface

ip_proto

next_hop

out_encaps

output_iface

pad1

peer_nexthop

pkts_sent

src_addr

src_as

src_mask

src_port

start_time

tcp_flags

tos

count

data

engine_id

engine_type

flow_sequence

reserved

sys_uptime

unix_nsec

unix_sec

version

class dpkt.netflow.Netflow7(*args, **kwargs)

Bases: dpkt.netflow.NetflowBase

Netflow Version 7.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 7.

TODO.

class NetflowRecord(*args, **kwargs)

Bases: dpkt.netflow.NetflowRecordBase

Netflow v6 flow record.

TODO: Longer class information….

__hdr__

Header fields of Netflow Version 6 flow record.

TODO.

bytes_sent

data

dst_addr

dst_as

dst_mask

dst_port

end_time

flags

input_iface

ip_proto

next_hop

output_iface

pad2

pkts_sent

router_sc

src_addr

src_as

src_mask

src_port

start_time

tcp_flags

tos

count

data

flow_sequence

reserved

sys_uptime

unix_nsec

unix_sec

version

dpkt.netflow.test_net_flow_v1_pack()

dpkt.netflow.test_net_flow_v1_unpack()

dpkt.netflow.test_net_flow_v5_pack()

dpkt.netflow.test_net_flow_v5_unpack()

dpkt.ntp module

Network Time Protocol.

class dpkt.ntp.NTP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Network Time Protocol.

TODO: Longer class information….

__hdr__

Header fields of NTP.

TODO.

v

li

mode

data

delay

dispersion

flags

id

interval

originate_time

precision

receive_time

stratum

transmit_time

update_time

dpkt.ntp.test_ntp_pack()

dpkt.ntp.test_ntp_unpack()

dpkt.ospf module

Open Shortest Path First.

class dpkt.ospf.OSPF(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Open Shortest Path First.

TODO: Longer class information….

__hdr__

Header fields of OSPF.

TODO.

area

atype

auth

data

len

router

sum

type

v

dpkt.pcap module

Libpcap file format.

class dpkt.pcap.PktHdr(*args, **kwargs)

Bases: dpkt.dpkt.Packet

pcap packet header.

TODO: Longer class information….

__hdr__

Header fields of pcap header.

TODO.

caplen

data

len

tv_sec

tv_usec

class dpkt.pcap.LEPktHdr(*args, **kwargs)

Bases: dpkt.pcap.PktHdr

caplen

data

len

tv_sec

tv_usec

class dpkt.pcap.FileHdr(*args, **kwargs)

Bases: dpkt.dpkt.Packet

pcap file header.

TODO: Longer class information….

__hdr__

Header fields of pcap file header.

TODO.

data

linktype

magic

sigfigs

snaplen

thiszone

v_major

v_minor

class dpkt.pcap.LEFileHdr(*args, **kwargs)

Bases: dpkt.pcap.FileHdr

data

linktype

magic

sigfigs

snaplen

thiszone

v_major

v_minor

class dpkt.pcap.Writer(fileobj, snaplen=1500, linktype=1, nano=False)

Bases: object

Simple pcap dumpfile writer.

TODO: Longer class information….

__hdr__

Header fields of simple pcap dumpfile writer.

TODO.

writepkt(pkt, ts=None)

close()

class dpkt.pcap.Reader(fileobj)

Bases: object

Simple pypcap-compatible pcap file reader.

TODO: Longer class information….

__hdr__

Header fields of simple pypcap-compatible pcap file reader.

TODO.

fd

fileno()

datalink()

setfilter(value, optimize=1)

readpkts()

dispatch(cnt, callback, *args)

Collect and process packets with a user callback.

Return the number of packets processed, or 0 for a savefile.

Arguments:

cnt – number of packets to process;

or 0 to process all packets until EOF

callback – function with (timestamp, pkt, *args) prototype *args – optional arguments passed to callback on execution

loop(callback, *args)

dpkt.pcap.test_pcap_endian()

dpkt.pcap.test_reader()

dpkt.pcap.test_writer_precision()

dpkt.pim module

Protocol Independent Multicast.

class dpkt.pim.PIM(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Protocol Independent Multicast.

TODO: Longer class information….

__hdr__

Header fields of PIM.

TODO.

v

type

data

rsvd

sum

dpkt.pim.test_pim()

dpkt.pmap module

Portmap / rpcbind.

class dpkt.pmap.Pmap(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Portmap / rpcbind.

TODO: Longer class information….

__hdr__

Header fields of Pmap.

TODO.

data

port

prog

prot

vers

dpkt.ppp module

Point-to-Point Protocol.

class dpkt.ppp.PPP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Point-to-Point Protocol.

TODO: Longer class information….

__hdr__

Header fields of PPP.

TODO.

classmethod set_p(p, pktclass)

classmethod get_p(p)

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

addr

cntrl

data

p

dpkt.ppp.test_ppp()

dpkt.ppp.test_ppp_short()

dpkt.ppp.test_packing()

dpkt.pppoe module

PPP-over-Ethernet.

class dpkt.pppoe.PPPoE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

PPP-over-Ethernet.

TODO: Longer class information….

__hdr__

Header fields of PPPoE.

TODO.

v

type

unpack(buf)

Unpack packet header fields from buf, and set self.data.

code

data

len

session

class dpkt.pppoe.PPP(*args, **kwargs)

Bases: dpkt.ppp.PPP

unpack(buf)

Unpack packet header fields from buf, and set self.data.

pack_hdr()

Return packed header string.

data

p

dpkt.pppoe.test_pppoe_discovery()

dpkt.pppoe.test_pppoe_session()

dpkt.pppoe.test_ppp_packing()

dpkt.pppoe.test_ppp_short()

dpkt.qq module

class dpkt.qq.QQBasicPacket(*args, **kwargs)

Bases: dpkt.dpkt.Packet

command

data

header_type

qqNum

sequence

source

class dpkt.qq.QQ3Packet(*args, **kwargs)

Bases: dpkt.dpkt.Packet

command

data

header_type

sequence

source

unknown1

unknown10

unknown11

unknown12

unknown13

unknown2

unknown3

unknown4

unknown5

unknown6

unknown7

unknown8

unknown9

class dpkt.qq.QQ5Packet(*args, **kwargs)

Bases: dpkt.dpkt.Packet

command

data

header_type

qqNum

sequence

source

unknown

dpkt.radiotap module

Radiotap

class dpkt.radiotap.Radiotap(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Radiotap.

TODO: Longer class information….

__hdr__

Header fields of Radiotap.

TODO.

tsft_present

flags_present

rate_present

channel_present

fhss_present

ant_sig_present

ant_noise_present

lock_qual_present

tx_attn_present

db_tx_attn_present

dbm_tx_power_present

ant_present

db_ant_sig_present

db_ant_noise_present

rx_flags_present

chanplus_present

ext_present

unpack(buf)

Unpack packet header fields from buf, and set self.data.

class Antenna(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

index

class AntennaNoise(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

db

class AntennaSignal(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

db

class Channel(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

flags

freq

class FHSS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

pattern

set

class Flags(*args, **kwargs)

Bases: dpkt.dpkt.Packet

fcs

data

val

class LockQuality(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

val

data

length

pad

present_flags

version

class RxFlags(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

val

class Rate(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

val

class TSFT(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

usecs

class TxAttenuation(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

val

class DbTxAttenuation(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

db

class DbAntennaNoise(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

db

class DbAntennaSignal(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

db

class DbmTxPower(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dbm

dpkt.radiotap.test_Radiotap()

dpkt.radiotap.test_fcs()

dpkt.radius module

Remote Authentication Dial-In User Service.

class dpkt.radius.RADIUS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Remote Authentication Dial-In User Service.

TODO: Longer class information….

__hdr__

Header fields of RADIUS.

TODO.

attrs = ''

unpack(buf)

Unpack packet header fields from buf, and set self.data.

auth

code

data

id

len

dpkt.radius.parse_attrs(buf)

Parse attributes buffer into a list of (type, data) tuples.

dpkt.rfb module

Remote Framebuffer Protocol.

class dpkt.rfb.RFB(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Remote Framebuffer Protocol.

TODO: Longer class information….

__hdr__

Header fields of RADIUS.

TODO.

data

type

class dpkt.rfb.SetPixelFormat(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

pad

pixel_fmt

class dpkt.rfb.SetEncodings(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

num_encodings

pad

class dpkt.rfb.FramebufferUpdateRequest(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

height

incremental

width

x_position

y_position

class dpkt.rfb.KeyEvent(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

down_flag

key

pad

class dpkt.rfb.PointerEvent(*args, **kwargs)

Bases: dpkt.dpkt.Packet

button_mask

data

x_position

y_position

class dpkt.rfb.FramebufferUpdate(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

num_rects

pad

class dpkt.rfb.SetColourMapEntries(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

first_colour

num_colours

pad

class dpkt.rfb.CutText(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

length

pad

dpkt.rip module

Routing Information Protocol.

class dpkt.rip.RIP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Routing Information Protocol.

TODO: Longer class information….

__hdr__

Header fields of RIP.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

cmd

data

rsvd

v

class dpkt.rip.RTE(*args, **kwargs)

Bases: dpkt.dpkt.Packet

addr

data

family

metric

next_hop

route_tag

subnet

class dpkt.rip.Auth(*args, **kwargs)

Bases: dpkt.dpkt.Packet

auth

data

rsvd

type

dpkt.rip.test_rtp_pack()

dpkt.rip.test_rtp_unpack()

dpkt.rpc module

Remote Procedure Call.

class dpkt.rpc.RPC(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Remote Procedure Call.

TODO: Longer class information….

__hdr__

Header fields of RPC.

TODO.

class Auth(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

flavor

class Call(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

proc

prog

rpcvers

vers

class Reply(*args, **kwargs)

Bases: dpkt.dpkt.Packet

class Accept(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

stat

class Reject(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

stat

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

stat

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

dir

xid

dpkt.rpc.unpack_xdrlist(cls, buf)

dpkt.rpc.pack_xdrlist(*args)

dpkt.rtp module

Real-Time Transport Protocol.

class dpkt.rtp.RTP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Real-Time Transport Protocol.

TODO: Longer class information….

__hdr__

Header fields of RTP.

TODO.

csrc = ''

version

p

x

cc

m

data

seq

ssrc

ts

pt

unpack(buf)

Unpack packet header fields from buf, and set self.data.

dpkt.rtp.test_rtp()

dpkt.rx module

Rx Protocol.

class dpkt.rx.Rx(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Rx Protocol.

TODO: Longer class information….

__hdr__

Header fields of Rx.

TODO.

call

cid

data

epoch

flags

security

seq

serial

service

status

sum

type

dpkt.sccp module

Cisco Skinny Client Control Protocol.

class dpkt.sccp.ActivateCallPlane(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

line_instance

class dpkt.sccp.CallInfo(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_id

call_type

called_party

called_party_name

calling_party

calling_party_name

data

line_instance

orig_called_party

orig_called_party_name

class dpkt.sccp.CallState(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_id

call_state

data

line_instance

class dpkt.sccp.ClearPromptStatus(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_id

data

line_instance

class dpkt.sccp.CloseReceiveChannel(*args, **kwargs)

Bases: dpkt.dpkt.Packet

conference_id

data

passthruparty_id

class dpkt.sccp.DisplayPromptStatus(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_id

data

display_msg

line_instance

msg_timeout

class dpkt.sccp.DisplayText(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

display_msg

class dpkt.sccp.KeypadButton(*args, **kwargs)

Bases: dpkt.dpkt.Packet

button

data

class dpkt.sccp.OpenReceiveChannel(*args, **kwargs)

Bases: dpkt.dpkt.Packet

conference_id

data

echo_cancel_type

g723_bitrate

ms_packet

passthruparty_id

payload_capability

class dpkt.sccp.OpenReceiveChannelAck(*args, **kwargs)

Bases: dpkt.dpkt.Packet

channel_status

data

ip

passthruparty_id

port

class dpkt.sccp.SelectStartKeys(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_id

data

line_id

softkey_map

softkey_set

class dpkt.sccp.SetLamp(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

lamp_mode

stimulus

stimulus_instance

class dpkt.sccp.SetSpeakerMode(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

speaker

class dpkt.sccp.StartMediaTransmission(*args, **kwargs)

Bases: dpkt.dpkt.Packet

call_reference

conference_id

data

g723_bitrate

ipv4_or_ipv6

max_frames_per_pkt

ms_packet

passthruparty_id

payload_capability

precedence

remote_ip

remote_port

silence_suppression

class dpkt.sccp.StartTone(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

tone

class dpkt.sccp.StopMediaTransmission(*args, **kwargs)

Bases: dpkt.dpkt.Packet

conference_id

data

passthruparty_id

class dpkt.sccp.SCCP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Cisco Skinny Client Control Protocol.

TODO: Longer class information….

__hdr__

Header fields of SCCP.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

msg

msgid

rsvd

dpkt.sctp module

Stream Control Transmission Protocol.

class dpkt.sctp.SCTP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Stream Control Transmission Protocol.

TODO: Longer class information….

__hdr__

Header fields of SCTP.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

dport

sport

sum

vtag

class dpkt.sctp.Chunk(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

flags

len

type

dpkt.sctp.test_sctp_pack()

dpkt.sctp.test_sctp_unpack()

dpkt.sip module

Session Initiation Protocol.

class dpkt.sip.Request(*args, **kwargs)

Bases: dpkt.http.Request

SIP request.

TODO: Longer class information….

__hdr__

Header fields of SIP request.

TODO.

class dpkt.sip.Response(*args, **kwargs)

Bases: dpkt.http.Response

SIP response.

TODO: Longer class information….

__hdr__

Header fields of SIP response.

TODO.

dpkt.sll module

Linux libpcap “cooked” capture encapsulation.

class dpkt.sll.SLL(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Linux libpcap “cooked” capture encapsulation.

TODO: Longer class information….

__hdr__

Header fields of SLL.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

ethtype

hdr

hlen

hrd

type

dpkt.sll.test_sll()

dpkt.smb module

Server Message Block.

class dpkt.smb.SMB(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Server Message Block.

TODO: Longer class information….

__hdr__ = [

(‘proto’, ‘4s’, b’ÿSMB’), (‘cmd’, ‘B’, 0), (‘status’, ‘I’, SMB_STATUS_SUCCESS), (‘flags’, ‘B’, 0), (‘flags2’, ‘H’, 0), (‘_pidhi’, ‘H’, 0), (‘security’, ‘8s’, b’‘), (‘rsvd’, ‘H’, 0), (‘tid’, ‘H’, 0), (‘_pidlo’, ‘H’, 0), (‘uid’, ‘H’, 0), (‘mid’, ‘H’, 0)

]

pid

cmd

data

flags

flags2

mid

proto

rsvd

security

status

tid

uid

dpkt.smb.test_smb()

dpkt.snoop module

Snoop file format.

class dpkt.snoop.PktHdr(*args, **kwargs)

Bases: dpkt.dpkt.Packet

snoop packet header.

TODO: Longer class information….

__hdr__

Header fields of snoop packet header.

TODO.

cum_drops

data

incl_len

orig_len

rec_len

ts_sec

ts_usec

class dpkt.snoop.FileHdr(*args, **kwargs)

Bases: dpkt.dpkt.Packet

snoop file header.

TODO: Longer class information….

__hdr__

Header fields of snoop file header.

TODO.

data

linktype

magic

v

class dpkt.snoop.Writer(fileobj, linktype=4)

Bases: object

Simple snoop dumpfile writer.

TODO: Longer class information….

TODO.

writepkt(pkt, ts=None)

close()

class dpkt.snoop.Reader(fileobj)

Bases: object

Simple pypcap-compatible snoop file reader.

TODO: Longer class information….

TODO.

fileno()

datalink()

setfilter(value, optimize=1)

readpkts()

dispatch(cnt, callback, *args)

loop(callback, *args)

dpkt.ssl module

Secure Sockets Layer / Transport Layer Security.

class dpkt.ssl.SSL2(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

msg

pad

class dpkt.ssl.TLS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

len

type

version

dpkt.ssl.parse_variable_array(buf, lenbytes)

Parse an array described using the ‘Type name<x..y>’ syntax from the spec Read a length at the start of buf, and returns that many bytes after, in a tuple with the TOTAL bytes consumed (including the size). This does not check that the array is the right length for any given datatype.

dpkt.ssl.parse_extensions(buf)

Parse TLS extensions in passed buf. Returns an ordered list of extension tuples with ordinal extension type as first value and extension data as second value. Passed buf must start with the 2-byte extensions length TLV. http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

exception dpkt.ssl.SSL3Exception

Bases: exceptions.Exception

class dpkt.ssl.TLSRecord(*args, **kwargs)

Bases: dpkt.dpkt.Packet

SSLv3 or TLSv1+ packet.

In addition to the fields specified in the header, there are compressed and decrypted fields, indicating whether, in the language of the spec, this is a TLSPlaintext, TLSCompressed, or TLSCiphertext. The application will have to figure out when it’s appropriate to change these values.

length

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

type

version

class dpkt.ssl.TLSChangeCipherSpec(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ChangeCipherSpec message is just a single byte with value 1

data

type

class dpkt.ssl.TLSAppData

Bases: str

As far as TLSRecord is concerned, AppData is just an opaque blob.

class dpkt.ssl.TLSAlert(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

description

level

class dpkt.ssl.TLSHelloRequest(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

class dpkt.ssl.TLSClientHello(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

random

version

class dpkt.ssl.TLSServerHello(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

random

version

class dpkt.ssl.TLSCertificate(*args, **kwargs)

Bases: dpkt.dpkt.Packet

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

class dpkt.ssl.TLSUnknownHandshake(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

dpkt.ssl.TLSServerKeyExchange

alias of dpkt.ssl.TLSUnknownHandshake

dpkt.ssl.TLSCertificateRequest

alias of dpkt.ssl.TLSUnknownHandshake

dpkt.ssl.TLSServerHelloDone

alias of dpkt.ssl.TLSUnknownHandshake

dpkt.ssl.TLSCertificateVerify

alias of dpkt.ssl.TLSUnknownHandshake

dpkt.ssl.TLSClientKeyExchange

alias of dpkt.ssl.TLSUnknownHandshake

dpkt.ssl.TLSFinished

alias of dpkt.ssl.TLSUnknownHandshake

class dpkt.ssl.TLSHandshake(*args, **kwargs)

Bases: dpkt.dpkt.Packet

A TLS Handshake message

This goes for all messages encapsulated in the Record layer, but especially important for handshakes and app data: A message may be spread across a number of TLSRecords, in addition to the possibility of there being more than one in a given Record. You have to put together the contents of TLSRecord’s yourself.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

length

data

length_bytes

type

class dpkt.ssl.SSLFactory

Bases: object

dpkt.ssl.tls_multi_factory(buf)

Attempt to parse one or more TLSRecord’s out of buf

Parameters:buf – string containing SSL/TLS messages. May have an incomplete record on the end Returns:[TLSRecord] int, total bytes consumed, != len(buf) if an incomplete record was left at

the end.

Raises SSL3Exception.

class dpkt.ssl.TestTLS

Bases: object

Test basic TLS functionality. Test that each TLSRecord is correctly discovered and added to TLS.records

classmethod setup_class()

test_records_length()

test_record_type()

test_record_version()

class dpkt.ssl.TestTLSRecord

Bases: object

Test basic TLSRecord functionality For this test, the contents of the record doesn’t matter, since we’re not parsing the next layer.

classmethod setup_class()

test_content_type()

test_version()

test_length()

test_data()

test_initial_flags()

test_repack()

test_total_length()

test_raises_need_data_when_buf_is_short()

class dpkt.ssl.TestTLSChangeCipherSpec

Bases: object

It’s just a byte. This will be quick, I promise

classmethod setup_class()

test_parses()

test_total_length()

class dpkt.ssl.TestTLSAppData

Bases: object

AppData is basically just a string

test_value()

class dpkt.ssl.TestTLSHandshake

Bases: object

classmethod setup_class()

test_created_inside_message()

test_length()

test_raises_need_data()

class dpkt.ssl.TestClientHello

Bases: object

This data is extracted from and verified by Wireshark

classmethod setup_class()

test_client_hello_constructed()

Make sure the correct class was constructed

test_client_random_correct()

test_cipher_suite_length()

test_session_id()

test_compression_methods()

test_total_length()

class dpkt.ssl.TestServerHello

Bases: object

Again, from Wireshark

classmethod setup_class()

test_constructed()

test_random_correct()

test_cipher_suite()

test_total_length()

class dpkt.ssl.TestTLSCertificate

Bases: object

We use a 2016 certificate record from iana.org as test data.

classmethod setup_class()

test_num_certs()

class dpkt.ssl.TestTLSMultiFactory

Bases: object

Made up test data

classmethod setup_class()

test_num_messages()

test_bytes_parsed()

test_first_msg_data()

test_second_msg_data()

test_incomplete()

dpkt.ssl_ciphersuites module

Nicely formatted cipher suite definitions for TLS

A list of cipher suites in the form of CipherSuite objects. These are supposed to be immutable; don’t mess with them.

class dpkt.ssl_ciphersuites.CipherSuite(code, kx, auth, cipher, mode, mac, name=None, encoding=None)

Bases: object

Encapsulates a cipher suite.

Members/args: * code: two-byte ID code, as int * kx: key exchange algorithm, e.g. ‘RSA’ or ‘DHE’ * auth: authentication algorithm, e.g. ‘RSA’ or ‘DSS’ * cipher: stream or block cipher algorithm, e.g. ‘AES_128’ * mode: mode of operation for block ciphers, e.g. ‘CBC’ or ‘GCM’ * mac: message authentication code algorithm, e.g. ‘MD5’ or ‘SHA256’ * name: cipher suite name as defined in the RFCs,

e.g. ‘TLS_RSA_WITH_RC4_40_MD5’, can be generated by default from the other parameters

• encoding: encoding algorithm, defaults to cipher+mode

Additional members: * kx_auth: kx+auth algorithm, as ‘KeyExchangeAlgorithm’ in RFCs

kx

auth

kx_auth

encoding

name

MAC_SIZES = {'MD5': 16, 'SHA': 20, 'SHA256': 32, 'SHA384': 48}

BLOCK_SIZES = {'AES_128': 16, 'AES_256': 16}

mac_size

In bytes. Default to 0.

block_size

In bytes. Default to 1.

dpkt.ssl_ciphersuites.BY_NAME(name)

class dpkt.ssl_ciphersuites.TestCipherSuites

Bases: object

test_kx()

test_auth()

test_by_name_and_code()

dpkt.stp module

Spanning Tree Protocol.

class dpkt.stp.STP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Spanning Tree Protocol.

TODO: Longer class information….

__hdr__

Header fields of STP.

TODO.

age

max_age

bridge_id

data

flags

hello

port_id

proto_id

root_id

root_path

type

v

fd

dpkt.stp.test_stp()

dpkt.stun module

Simple Traversal of UDP through NAT.

class dpkt.stun.STUN(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Simple Traversal of UDP through NAT.

STUN - RFC 3489 http://tools.ietf.org/html/rfc3489 Each packet has a 20 byte header followed by 0 or more attribute TLVs.

__hdr__

Header fields of STUN.

TODO.

data

len

type

xid

dpkt.stun.tlv(buf)

dpkt.stun.parse_attrs(buf)

Parse STUN.data buffer into a list of (attribute, data) tuples.

dpkt.stun.test_stun_response()

dpkt.stun.test_stun_padded()

dpkt.tcp module

Transmission Control Protocol.

class dpkt.tcp.TCP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Transmission Control Protocol.

TODO: Longer class information….

__hdr__

Header fields of TCP.

TODO.

opts = ''

off

unpack(buf)

Unpack packet header fields from buf, and set self.data.

ack

data

dport

flags

seq

sport

sum

urp

win

dpkt.tcp.parse_opts(buf)

Parse TCP option buffer into a list of (option, data) tuples.

dpkt.tcp.test_parse_opts()

dpkt.tcp.test_offset()

dpkt.telnet module

Telnet.

dpkt.telnet.strip_options(buf)

Return a list of lines and dict of options from telnet data.

dpkt.telnet.test_telnet()

dpkt.tftp module

Trivial File Transfer Protocol.

class dpkt.tftp.TFTP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Trivial File Transfer Protocol.

TODO: Longer class information….

__hdr__

Header fields of TFTP.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

opcode

dpkt.tftp.test_op_rrq()

dpkt.tftp.test_op_data()

dpkt.tftp.test_op_err()

dpkt.tns module

Transparent Network Substrate.

class dpkt.tns.TNS(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Transparent Network Substrate.

TODO: Longer class information….

__hdr__

Header fields of TNS.

TODO.

unpack(buf)

Unpack packet header fields from buf, and set self.data.

data

hdrsum

length

msg

pktsum

rsvd

type

dpkt.tns.test_tns()

dpkt.tpkt module

ISO Transport Service on top of the TCP (TPKT).

class dpkt.tpkt.TPKT(*args, **kwargs)

Bases: dpkt.dpkt.Packet

ISO Transport Service on top of the TCP (TPKT).

TODO: Longer class information….

__hdr__

Header fields of TPKT.

TODO.

data

len

rsvd

v

dpkt.udp module

User Datagram Protocol.

class dpkt.udp.UDP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

User Datagram Protocol.

TODO: Longer class information….

__hdr__

Header fields of UDP.

TODO.

data

dport

sport

sum

ulen

dpkt.vrrp module

Virtual Router Redundancy Protocol.

class dpkt.vrrp.VRRP(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Virtual Router Redundancy Protocol.

TODO: Longer class information….

__hdr__

Header fields of VRRP.

TODO.

addrs = ()

auth = ''

v

type

unpack(buf)

Unpack packet header fields from buf, and set self.data.

advtime

atype

count

data

priority

sum

vrid

dpkt.vrrp.test_vrrp()

dpkt.yahoo module

Yahoo Messenger.

class dpkt.yahoo.YHOO(*args, **kwargs)

Bases: dpkt.dpkt.Packet

Yahoo Messenger.

TODO: Longer class information….

__hdr__

Header fields of Yahoo Messenger.

TODO.

connid

data

length

magic

nick1

nick2

service

type

unknown

version

class dpkt.yahoo.YMSG(*args, **kwargs)

Bases: dpkt.dpkt.Packet

data

length

type

unknown1

unknown2

version

About dpkt

Authors

Original author

Dug Song <dugsong@monkey.org>

Contributors

Timur Alperovich <timuralp@umich.edu>

radiotap module

Nic Bellamy <nic.bellamy@vadacom.co.nz>

HTTP header parsing fix

the grugq <thegrugq@gmail.com>

better RTP module

David Helder <dhelder@gizmolabs.org>

bug fixes

Przemyslaw Karwasiecki <karwas@gmail.com>

TABLE_DUMP in MRT module

Reza Lotun <rlotun@cs.ubc.ca>

MetaPacket cleanup

Jeff Nathan <jeff@snort.org>

bug fixes

Tim Newsham <newsham@lava.net>

IPv6 bugfixing and improvements

keisuke.nishimoto@gmail.com

Snoop file parser

Jon Oberheide <jon@oberheide.org>

STUN, H.225, TPKT, NTP, RIP, Diameter, SCTP, BGP, MRT, RX modules

plotnikoff@gmail.com

handle dynamic imports from py2exe/freeze.py/zipped egg packages

simdream@gmail.com

handle multiple cookie values in HTTP

Owen Stephens <owen@owenstephens.co.uk>

IP6 extension header support

Robert Stone <otaku@monkey.org>

Netflow and QQ modules

Thomas Taranowski <thomastaranowski@yahoo.com>

dnet IP checksum bug on i386

Jirka Vejrazka

bug fixes

Tim Yardley <yardley@gmail.com>

DHCP definitions

obormot <oscar.ibatullin@gmail.com>

pcapng module, Packet repr improvements

Kyle Keppler <kyle.keppler@gmail.com>

Python 3 port

Hao Sun <sunhao2013@gmail.com>

Python 3 port

Brian Wylie <briford.wylie@gmail.com>

Examples, Docs, Tests, CI, Python 3 port

If you want to contribute to dpkt, see Contributing.

Changelog

Development plans

Current plans

• Be Awesome

Future plans

• Maintain the Awesome

Contributing

Report a Bug or Make a Feature Request

Please go to the GitHub Issues page: https://github.com/kbandla/dpkt/issues.

Checkout the Code

git clone https://github.com/kblandla/dpkt.git

Become a Developer

dpkt uses the ‘GitHub Flow’ model: GitHub Flow

• To work on something new, create a descriptively named branch off of master (ie: my-awesome)
• Commit to that branch locally and regularly push your work to the same named branch on the server
• When you need feedback or help, or you think the branch is ready for merging, open a pull request
• After someone else has reviewed and signed off on the feature, they or you can merge it into master

New Feature or Bug

$ git checkout -b my-awesome
$ git push -u origin my-awesome
$ <code for a bit>; git push
$ <code for a bit>; git push
$ tox (this will run all the tests)

• Go to github and hit ‘New pull request’
• Someone reviews it and says ‘AOK’
• Merge the pull request (green button)

License

BSD 3-Clause License, as the upstream project

Administration

Notes

PyPI Release How-To

Notes and information on how to do the PyPI release for the dpkt project. For full details on packaging you can reference this page Packaging

The following instructions should work, but things change :)

Package Requirements

• pip install tox
• pip install –upgrade setuptools wheel
• pip install twine

Setup pypirc

The easiest thing to do is setup a ~/.pypirc file with the following contents

[distutils]
index-servers =
  pypi
  testpypi

[pypi]
repository=https://upload.pypi.org/legacy/
username=<pypi username>
password=<pypi password>

[testpypi]
repository=https://test.pypi.org/legacy/
username=<pypi username>
password=<pypi password>

Tox Background

Tox will install the dpkt package into a blank virtualenv and then execute all the tests against the newly installed package. So if everything goes okay, you know the pypi package installed fine and the tests (which pull from the installed dpkt package) also ran okay.

Make sure ALL tests pass

$ cd dpkt
$ tox

If ALL the test above pass…

Create the TEST PyPI Release

$ vi dpkt/__init__.py and bump the version
$ python setup.py sdist bdist_wheel
$ twine upload dist/* -r testpypi

Install the TEST PyPI Release

$ pip install --index-url https://test.pypi.org/simple dpkt

Create the REAL PyPI Release

$ twine upload dist/* -r pypi

Push changes to Github

$ git add dpkt/__init__.py
$ get commit -m "dpkt version 1.8.7 (or whatever)"
$ git tag v1.8.7 (or whatever)
$ git push --tags
$ git push

Git Releases (discussion)

Note: This is an opinion, we/I could certainly be convinced otherwise.

You can also do a ‘release’ on GitHub (the tags above are perfect for that). In general this is discouraged, people should always do a $pip install dpkt. If people want older releases they can do a $pip install dpkt==<old version>. Providing tarballs/zip file on GitHub will just confuse new users and they’ll have a ‘bad experience’ when trying to deal with a tarball.