| 809 | |
| 810 | |
class Packet(object):
    """
    Container for the data of a single captured packet.

    Args:
        pktlen: length of packet
        packet: pypacker object for the packet
        timestamp: timestamp of packet
        frame: sequential packet number as read from data stream
            (defaults to 0)

    Attributes:
        ts: timestamp of packet
        dt: datetime of packet; built with datetime.datetime.fromtimestamp()
            and no tzinfo, so it is a naive value in the local timezone of
            the host running the analysis. Normalise it before correlating
            with timestamps from other sources.
        frame: sequential packet number as read from data stream
        pkt: pypacker object for the packet
        rawpkt: raw bytestring of the packet
        pktlen: length of packet
        byte_count: length of packet body
        sip: source IP
        dip: destination IP
        sip_bytes: source IP as bytes
        dip_bytes: destination IP as bytes
        sport: source port
        dport: destination port
        smac: source MAC
        dmac: destination MAC
        sipcc: source IP country code
        dipcc: dest IP country code
        siplat: source IP latitude
        diplat: dest IP latitude
        siplon: source IP longitude
        diplon: dest IP longitude
        sipasn: source IP ASN
        dipasn: dest IP ASN
        protocol: text version of protocol in layer-3 header
        protocol_num: numeric version of protocol in layer-3 header
        data: data of the packet after TCP layer, or highest layer
        sequence_number: TCP sequence number, or None
        ack_number: TCP ACK number, or None
        tcp_flags: TCP header flags, or None

    The constructor initialises sip, dip, sport and dport to None, so
    consumers should be prepared for None in those attributes.
    """

    # Lookup table from layer-3 protocol number to its short name, built from
    # the integer IP_PROTO_* attributes of the `ip` module with the
    # 9-character 'IP_PROTO_' prefix stripped from each name.
    # The type is compared exactly rather than with isinstance(), so
    # bool-valued attributes are never picked up.
    # If several constants share one number, the last one iterated wins.
    # IP_PROTO_HOPOPTS is skipped -- presumably because it shares its number
    # with another constant; TODO confirm against the ip module.
    IP_PROTOCOL_MAP = {
        number: name[9:]
        for name, number in ip.__dict__.items()
        if type(number) is int
        and name.startswith('IP_PROTO_')
        and name != 'IP_PROTO_HOPOPTS'
    }
| 856 | |
| 857 | def __init__(self, pktlen, packet: pypacker.Packet, timestamp: int, frame=0): |
| 858 | # TODO: Use full variable names. |
| 859 | self.ts = timestamp |
| 860 | self.dt = datetime.datetime.fromtimestamp(timestamp) |
| 861 | self.frame = frame |
| 862 | self.pkt = packet |
| 863 | self.pktlen = pktlen # TODO: Is this needed? |
| 864 | |
| 865 | self.sip = None |
| 866 | self.dip = None |
| 867 | self.sport = None |
| 868 | self.dport = None |