:py:mod:`expliot.core.common.pcaphelper`
========================================

.. py:module:: expliot.core.common.pcaphelper

.. autoapi-nested-parse::

   Helper for pcap files.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   expliot.core.common.pcaphelper.PcapFrame
   expliot.core.common.pcaphelper.PcapDumper


Functions
~~~~~~~~~

.. autoapisummary::

   expliot.core.common.pcaphelper.wireshark_dump_reader


Attributes
~~~~~~~~~~

.. autoapisummary::

   expliot.core.common.pcaphelper.PCAPH_MAGIC_NUM_BE
   expliot.core.common.pcaphelper.PCAPH_MAGIC_NUM_LE
   expliot.core.common.pcaphelper.PCAPH_MAGIC_NUM_BE_NS
   expliot.core.common.pcaphelper.PCAPH_MAGIC_NUM_LE_NS
   expliot.core.common.pcaphelper.PCAPH_VER_MAJOR
   expliot.core.common.pcaphelper.PCAPH_VER_MINOR
   expliot.core.common.pcaphelper.PCAPH_THISZONE
   expliot.core.common.pcaphelper.PCAPH_SIGFIGS
   expliot.core.common.pcaphelper.PCAPH_SNAPLEN
   expliot.core.common.pcaphelper.WIRESHARK_GLB_HDR_LEN
   expliot.core.common.pcaphelper.WIRESHARK_PKT_HDR_LEN
   expliot.core.common.pcaphelper.SYS_LE_STR
   expliot.core.common.pcaphelper.SYS_BE_STR


.. py:data:: PCAPH_MAGIC_NUM_BE
   :annotation: = 2712847316

.. py:data:: PCAPH_MAGIC_NUM_LE
   :annotation: = 3569595041

.. py:data:: PCAPH_MAGIC_NUM_BE_NS
   :annotation: = 2712812621

.. py:data:: PCAPH_MAGIC_NUM_LE_NS
   :annotation: = 20740616865

.. py:data:: PCAPH_VER_MAJOR
   :annotation: = 2

.. py:data:: PCAPH_VER_MINOR
   :annotation: = 4

.. py:data:: PCAPH_THISZONE
   :annotation: = 0

.. py:data:: PCAPH_SIGFIGS
   :annotation: = 0

.. py:data:: PCAPH_SNAPLEN
   :annotation: = 65535

.. py:data:: WIRESHARK_GLB_HDR_LEN
   :annotation: = 24

.. py:data:: WIRESHARK_PKT_HDR_LEN
   :annotation: = 16

.. py:data:: SYS_LE_STR
   :annotation: = little

.. py:data:: SYS_BE_STR
   :annotation: = big

.. py:class:: PcapFrame(packet, ts32=None)

   Helper class to create pcap frame to write in pcap file.

   .. py:method:: __build_packet_pcap_hdr()

      Build the packet header string with timestamp and length info.

      :return: Packet header string


   .. py:method:: get_pcap_frame()

      Return packet header string and packet string.

      :return: Packet header + packet string


.. py:class:: PcapDumper(datalink, filename)

   Helper class to create and write data to the pcap file.

   .. py:method:: write_to_pcapfile(pcapframe)

      Write packet header and packet to pcap file.

      :param pcapframe: pcap frame including packet header and packet


.. py:function:: wireshark_dump_reader(filename)

   Opens pcap file for reading.

   Read Wireshark global header.
   Identify file endianness and read next packet accordingly.

   :param filename: pcap file name to be read from disk

   TODO: Test magic number for BE machine
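The read path described for ``wireshark_dump_reader`` (24-byte global header, byte order taken from the magic number, then 16-byte record headers) can be sketched as follows. This is an added example, not ExplIoT's own code: ``read_pcap``, ``build_sample`` and ``MAGICS`` are hypothetical names, the magic values are the standard libpcap ones keyed by their on-disk bytes, and rejecting records longer than the snaplen is an assumed strict policy for untrusted capture files.

```python
import io
import struct

GLB_HDR_LEN = 24  # same sizes as WIRESHARK_GLB_HDR_LEN / WIRESHARK_PKT_HDR_LEN
PKT_HDR_LEN = 16
# On-disk magic bytes -> (struct byte-order prefix, timestamp fractions per second)
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),
    b"\xa1\xb2\x3c\x4d": (">", 10**9),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),
}


def read_pcap(stream):
    """Yield (timestamp_seconds, orig_len, data) per record of a classic pcap stream."""
    hdr = stream.read(GLB_HDR_LEN)
    if len(hdr) != GLB_HDR_LEN or hdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[hdr[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(order + "HHiIII", hdr[4:])
    while True:
        rec = stream.read(PKT_HDR_LEN)
        if not rec:
            return  # clean end of file
        if len(rec) != PKT_HDR_LEN:
            raise ValueError("truncated record header")
        sec, sub, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        # Never trust the length field: bound it before reading (assumed policy).
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record length exceeds snaplen or original length")
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield sec + sub / frac, orig_len, data


def build_sample(order):
    """Constructed two-packet capture (link type 1) in the given byte order."""
    out = struct.pack(order + "I", 0xA1B2C3D4)
    out += struct.pack(order + "HHiIII", 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload in ((1, 500000, b"\x01\x02\x03"), (2, 0, b"\xaa" * 5)):
        out += struct.pack(order + "IIII", sec, usec, len(payload), len(payload))
        out += payload
    return out
```
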