scapy.plist module¶

PacketList: holds several packets and allows to do operations on them.

class scapy.plist.PacketList(res=None, name='PacketList', stats=None)¶

Bases: scapy.base_classes.BasePacketList, scapy.base_classes._CanvasDumpExtended

afterglow(src=None, event=None, dst=None, **kargs)¶: Experimental clone attempt of http://sourceforge.net/projects/afterglow each datum is reduced as src -> event -> dst and the data are graphed. by default we have IP.src -> IP.dport -> IP.dst

canvas_dump(**kargs)¶

conversations(getsrcdst=None, **kargs)¶

Graphes a conversations between sources and destinations and display it (using graphviz and imagemagick)

Parameters:

getsrcdst – a function that takes an element of the list and returns the source, the destination and optionally a label. By default, returns the IP source and destination from IP and ARP layers
type – output type (svg, ps, gif, jpg, etc.), passed to dot’s “-T” option
target – filename or redirect. Defaults pipe to Imagemagick’s display program
prog – which graphviz program to use

convert_to(other_cls, name=None, stats=None)¶

Converts all packets to another type.

See Packet.convert_to for more info.

Parameters:	other_cls (Type[scapy.packet.Packet]) – reference to a Packet class to convert to name (Optional[str]) – optional name for the new PacketList stats (Optional[List[Type[scapy.packet.Packet]]]) – optional list of protocols to give stats on; if not specified, inherits from this PacketList.
Return type:	scapy.plist.PacketList

diffplot(f, delay=1, lfilter=None)¶

Applies a function to couples (l[i],l[i+delay])

A list of matplotlib.lines.Line2D is returned.

display()¶: deprecated. is show()

filter(func)¶: Returns a packet list filtered by a truth function. This truth function has to take a packet as the only argument and return a boolean value.

getlayer(cls, nb=None, flt=None, name=None, stats=None)¶

Returns the packet list from a given layer.

See Packet.getlayer for more info.

Parameters:

cls (Type[scapy.packet.Packet]) – search for a layer that is an instance of cls
nb (Optional[int]) – return the nb^th layer that is an instance of cls
flt (Optional[Dict[str, Any]]) – filter parameters for Packet.getlayer
name (Optional[str]) – optional name for the new PacketList
stats (Optional[List[Type[scapy.packet.Packet]]]) – optional list of protocols to give stats on; if not specified, inherits from this PacketList.

Return type:

scapy.plist.PacketList

hexdump(lfilter=None)¶: Same as nsummary(), except that packets are also hexdumped lfilter: a truth function that decides whether a packet must be displayed

hexraw(lfilter=None)¶: Same as nsummary(), except that if a packet has a Raw layer, it will be hexdumped # noqa: E501 lfilter: a truth function that decides whether a packet must be displayed

listname¶

make_lined_table(*args, **kargs)¶: Same as make_table, but print a table with lines

make_table(*args, **kargs)¶: Prints a table using a function that returns for each packet its head column value, head row value and displayed value # noqa: E501 ex: p.make_table(lambda x:(x[IP].dst, x[TCP].dport, x[TCP].sprintf(“%flags%”))

make_tex_table(*args, **kargs)¶: Same as make_table, but print a table with LaTeX syntax

multiplot(f, lfilter=None, plot_xy=False, **kargs)¶

Uses a function that returns a label and a value for this label, then plots all the values label by label.

A list of matplotlib.lines.Line2D is returned.

nsummary(prn=None, lfilter=None)¶

prints a summary of each packet with the packet’s number

Parameters:	prn – function to apply to each packet instead of lambda x:x.summary() lfilter – truth function to apply to each packet to decide whether it will be displayed

nzpadding(lfilter=None)¶: Same as padding() but only non null padding

padding(lfilter=None)¶: Same as hexraw(), for Padding layer

plot(f, lfilter=None, plot_xy=False, **kargs)¶

Applies a function to each packet to get a value that will be plotted with matplotlib. A list of matplotlib.lines.Line2D is returned.

lfilter: a truth function that decides whether a packet must be plotted

rawhexdump()¶: Prints an hexadecimal dump of each packet in the list

replace(<field>, [<oldvalue>, ]<newvalue>)¶

lst.replace( (fld,[ov],nv),(fld,[ov,]nv),…): if ov is None, all values are replaced
ex:: lst.replace( IP.src, “192.168.1.1”, “10.0.0.1” ) lst.replace( IP.ttl, 64 ) lst.replace( (IP.ttl, 64), (TCP.sport, 666, 777), )

res¶

sessions(session_extractor=None)¶

show(*args, **kargs)¶: Best way to display the packet list. Defaults to nsummary() method

sr([multi=1]) -> (SndRcvList, PacketList)¶: Matches packets in the list and return ( (matched couples), (unmatched packets) )

stats¶

summary(prn=None, lfilter=None)¶

prints a summary of each packet

Parameters:	prn – function to apply to each packet instead of lambda x:x.summary() lfilter – truth function to apply to each packet to decide whether it will be displayed

timeskew_graph(ip, **kargs)¶: Tries to graph the timeskew between the timestamps and real time for a given ip

class scapy.plist.SndRcvList(res=None, name='Results', stats=None)¶: Bases: scapy.plist.PacketList