scapy.plist

PacketList: holds several packets and allows to do operations on them.

class scapy.plist.PacketList(res=None, name='PacketList', stats=None)

Bases: scapy.base_classes.BasePacketList, scapy.base_classes._CanvasDumpExtended

afterglow(src=None, event=None, dst=None, **kargs)

Experimental clone attempt of http://sourceforge.net/projects/afterglow each datum is reduced as src -> event -> dst and the data are graphed. by default we have IP.src -> IP.dport -> IP.dst

canvas_dump(**kargs)
conversations(getsrcdst=None, **kargs)

Graphes a conversations between sources and destinations and display it (using graphviz and imagemagick)

Parameters

  • getsrcdst – a function that takes an element of the list and returns the source, the destination and optionally a label. By default, returns the IP source and destination from IP and ARP layers

  • type – output type (svg, ps, gif, jpg, etc.), passed to dot’s “-T” option

  • target – filename or redirect. Defaults pipe to Imagemagick’s display program

  • prog – which graphviz program to use

convert_to(other_cls, name=None, stats=None)

Converts all packets to another type.

See Packet.convert_to for more info.

Parameters

  • other_cls (Type[scapy.packet.Packet]) – reference to a Packet class to convert to

  • name (Optional[str]) – optional name for the new PacketList

  • stats (Optional[List[Type[scapy.packet.Packet]]]) – optional list of protocols to give stats on; if not specified, inherits from this PacketList.

Return type

scapy.plist.PacketList

diffplot(f, delay=1, lfilter=None)

Applies a function to couples (l[i],l[i+delay])

A list of matplotlib.lines.Line2D is returned.

display()

deprecated. is show()

filter(func)

Returns a packet list filtered by a truth function. This truth function has to take a packet as the only argument and return a boolean value.

getlayer(cls, nb=None, flt=None, name=None, stats=None)

Returns the packet list from a given layer.

See Packet.getlayer for more info.

Parameters

  • cls (Type[scapy.packet.Packet]) – search for a layer that is an instance of cls

  • nb (Optional[int]) – return the nb^th layer that is an instance of cls

  • flt (Optional[Dict[str, Any]]) – filter parameters for Packet.getlayer

  • name (Optional[str]) – optional name for the new PacketList

  • stats (Optional[List[Type[scapy.packet.Packet]]]) – optional list of protocols to give stats on; if not specified, inherits from this PacketList.

Return type

scapy.plist.PacketList

hexdump(lfilter=None)

Same as nsummary(), except that packets are also hexdumped lfilter: a truth function that decides whether a packet must be displayed

hexraw(lfilter=None)

Same as nsummary(), except that if a packet has a Raw layer, it will be hexdumped # noqa: E501 lfilter: a truth function that decides whether a packet must be displayed

listname
make_lined_table(*args, **kargs)

Same as make_table, but print a table with lines

make_table(*args, **kargs)

Prints a table using a function that returns for each packet its head column value, head row value and displayed value # noqa: E501 ex: p.make_table(lambda x:(x[IP].dst, x[TCP].dport, x[TCP].sprintf(“%flags%”))

make_tex_table(*args, **kargs)

Same as make_table, but print a table with LaTeX syntax

multiplot(f, lfilter=None, plot_xy=False, **kargs)

Uses a function that returns a label and a value for this label, then plots all the values label by label.

A list of matplotlib.lines.Line2D is returned.

nsummary(prn=None, lfilter=None)

prints a summary of each packet with the packet’s number

Parameters

  • prn – function to apply to each packet instead of lambda x:x.summary()

  • lfilter – truth function to apply to each packet to decide whether it will be displayed

nzpadding(lfilter=None)

Same as padding() but only non null padding

padding(lfilter=None)

Same as hexraw(), for Padding layer

plot(f, lfilter=None, plot_xy=False, **kargs)

Applies a function to each packet to get a value that will be plotted with matplotlib. A list of matplotlib.lines.Line2D is returned.

lfilter: a truth function that decides whether a packet must be plotted

rawhexdump()

Prints an hexadecimal dump of each packet in the list

replace(<field>, [<oldvalue>, ]<newvalue>)
lst.replace( (fld,[ov],nv),(fld,[ov,]nv),…)

if ov is None, all values are replaced

ex:

lst.replace( IP.src, “192.168.1.1”, “10.0.0.1” ) lst.replace( IP.ttl, 64 ) lst.replace( (IP.ttl, 64), (TCP.sport, 666, 777), )

res
sessions(session_extractor=None)
show(*args, **kargs)

Best way to display the packet list. Defaults to nsummary() method

sr([multi=1]) -> (SndRcvList, PacketList)

Matches packets in the list and return ( (matched couples), (unmatched packets) )

stats
summary(prn=None, lfilter=None)

prints a summary of each packet

Parameters

  • prn – function to apply to each packet instead of lambda x:x.summary()

  • lfilter – truth function to apply to each packet to decide whether it will be displayed

timeskew_graph(ip, **kargs)

Tries to graph the timeskew between the timestamps and real time for a given ip

class scapy.plist.SndRcvList(res=None, name='Results', stats=None)

Bases: scapy.plist.PacketList