This Module provides methods that are useful when analysing network trace files.
Provide methods for getting unsigned numbers ('Network
Integers') from a byte array.
Assumes that the bytes are in
network order in that array, for example because it contains bytes
from a packet payload.
| ba_get_short() | natkit.ba_get_short(ByteArray, Integer) -> anInteger |
| Gets an unsigned 16-bit number from ByteArray[Integer]. For example, natkit.get_short(IP.data, 20) returns the number contained in IP.data[20] through IP.data[21] |
|
| ba_get_long() | natkit.ba_get_long(ByteArray, Integer) -> anInteger |
| Gets an unsigned 32-bit number from ByteArray[Integer]. For example, natkit.get_short(IP.data, 33) returns the number contained in IP.data[33] through IP.data[36] |
| u32_add() | natkit.seq_add(seq_a, seq_b) -> anInteger |
| Returns seq_a + seq_b |
|
| u32_sub() | natkit.u32_sub(seq_a, seq_b) -> anInteger |
| Returns seq_a - seq_b | |
| seq_lt() | natkit.seq_lt(seq_a, seq_b) -> True or False |
| Returns True if seq_a < U32_b | |
| seq_ge() | natkit.seq_ge(ne(seq_a, seq_b) -> True or False |
| Returns True if SEQ_a >= seq_b | |
| seq_gt() | natkit.seq_gt(seq_a, seq_b) -> True or False |
| Returns True if seq_a > seq_b, |
Allows you to specify a tuple of IPprefixes for addresses that lie within a home network. A FlowHome object can then be used to create IPflows (see below). IPflows created in this way
have the same flow-key string for packets in each direction, i.e. the
direction matching is done by natkit in C, so you don't have to do it
yourself in Python.
| Class Functions |
|
| FlowHome() |
natkit.FlowHome(IPP1, IPP2, ..., IPPn) -> aFlowHome |
| Makes an object that specifies a home network for IP flows. IPP1 ..., IPPn is a tuple of IPprefixes that are owned by the home network. The IPprefixes can be any mix of IPv4 and IP6 prefixes. |
|
| flow() | flow_home.flow(plt_obj)-> anIPflow |
| Uses
a FlowHome object to create
an IPflow, with its source and destination fields ordered such that the
IPflow's destination address beongs to the home network, and its source
address does not. This function's argument can be any python-libtrace
object that was
derived from a packet; it will usually be either a Packet or an
Internet object. |
|
Provides methods for creating and using network flow keys, i.e. Strings that describe a flow, and which can be used as keys for a Python Dictionary.
For a simple flow, the first-seen packet is assumed to be in forward order.
For a flow created using a FlowHome, forward order is into the home network.
Note: an IPflow is a bi-directional flow, it's key is the 6-tuple (IP version, protocol, source port, destination port, source IP address, destination IP address).
| Class Function | |
| flow() |
natkit.IPflow(plt_obj) -> anIPflow |
| Makes an IPflow (as described above). This function's argument can be any python-libtrace object that was derived from a packet; it will usually be either a Packet or an Internet object. |
|
| Instance Attributes | |
| fwd_key |
ipf.fwd_key -> aString |
| Returns a key string, with source and destination in flow order for an IPflow. |
|
| rev_key |
ipf.rev_key -> aString |
| Returns a key string, with source and destination in the order opposite to that returned by ipf.fwd_key. |
|
| version |
ipf.version -> 4 or 6 |
| Returns the IP version number for the packet. |
|
| proto |
ipf.proto -> anInteger |
| IP protocol number from Internet header. |
|
| src_port |
ipf.src_port -> anInteger |
| Source port number from TCP or UDP header. |
|
| dst_port | ipf.dst_port-> anInteger |
| Destination port number from TCP or UDP header. |
|
| src_prefix | ipf.src_prefix-> anIPprefix |
| Source IP address from Internet header. |
|
| dst_prefix | ipf.dst_prefix -> anIPprefix |
| Destination IP address from Internet header. |
|
| home_key |
ipf.home_key -> aString |
| Returns a key string, with source and destination in flow order. Returns None for an IPflow for an IPflow created using a FlowHome. | |
| src_in_home | ipf.src_in_home-> True or False |
| Returns True if the packet's source IP address is in the home network. |
|
| dst_in_home | ipf.dst_in_home-> True or False |
| Returns True if the packet's destination IP address is in the home network. | |
| is_inward |
ipf.is_inward -> True or False |
| Returns True if the packet's destination IP address is in the home network, i.e. only one of it's source and destination addresses is in the home network. | |
Nevil Brownlee
Mon, 13 Apr 15 (NZST)