scapy.layers.netflow

Cisco NetFlow protocol v1, v5, v9 and v10 (IPFix)

HowTo dissect NetflowV9/10 (IPFix) packets:

# From a pcap / list of packets

Using sniff and sessions:
>>> sniff(offline=open("my_great_pcap.pcap", "rb"), session=NetflowSession)

Using the netflowv9_defragment/ipfix_defragment commands:
- get a list of packets containing NetflowV9/10 packets
- call netflowv9_defragment(plist) to defragment the list

(ipfix_defragment is an alias for netflowv9_defragment)

# Live / on-the-flow / other: use NetflowSession
>>> sniff(session=NetflowSession, prn=[…])

scapy.layers.netflow.GetNetflowRecordV9(flowset, templateID=None)

Get a NetflowRecordV9/10 for a specific NetflowFlowsetV9/10.

Have a look at the online doc for examples.

class scapy.layers.netflow.N9SecondsIntField(name, default, *args, **kargs)

Bases: scapy.fields.SecondsIntField, scapy.layers.netflow._AdjustableNetflowField

Defines dateTimeSeconds (without EPOCH: just seconds)

class scapy.layers.netflow.N9UTCTimeField(name, default, *args, **kargs)

Bases: scapy.fields.UTCTimeField, scapy.layers.netflow._AdjustableNetflowField

Defines dateTimeSeconds (EPOCH)

class scapy.layers.netflow.NetflowDataflowsetV9

Bases: scapy.packet.Packet

aliastypes
classmethod dispatch_hook(_pkt=None, *args, **kargs)
fields_desc
NetflowDataflowsetV9 fields

templateID    ShortField       255
length        FieldLenField    None
records       PadField         []

payload_guess

Possible sublayers: NetflowDataflowsetV9

class scapy.layers.netflow.NetflowFlowsetV9

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowFlowsetV9 fields

flowSetID     ShortField         0
length        FieldLenField      None
templates     PacketListField    []

payload_guess

Possible sublayers: NetflowDataflowsetV9

class scapy.layers.netflow.NetflowHeader

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowHeader fields

version       ShortField    1

payload_guess

Possible sublayers: NetflowHeaderV10, NetflowHeaderV1, NetflowHeaderV5, NetflowHeaderV9

class scapy.layers.netflow.NetflowHeaderV1

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowHeaderV1 fields

count              ShortField      0
sysUptime          IntField        0
unixSecs           UTCTimeField    0
unixNanoSeconds    UTCTimeField    0

payload_guess

Possible sublayers: NetflowRecordV1

class scapy.layers.netflow.NetflowHeaderV10

Bases: scapy.packet.Packet

IPFix (Netflow V10) Header

aliastypes
fields_desc
NetflowHeaderV10 fields

length                 ShortField      None
ExportTime             UTCTimeField    0
flowSequence           IntField        0
ObservationDomainID    IntField        0

payload_guess

Possible sublayers: NetflowDataflowsetV9

class scapy.layers.netflow.NetflowHeaderV5

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowHeaderV5 fields

count               ShortField      0
sysUptime           IntField        0
unixSecs            UTCTimeField    0
unixNanoSeconds     UTCTimeField    0
flowSequence        IntField        0
engineType          ByteField       0
engineID            ByteField       0
samplingInterval    ShortField      0

payload_guess

Possible sublayers: NetflowRecordV5

class scapy.layers.netflow.NetflowHeaderV9

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowHeaderV9 fields

count              ShortField      None
sysUptime          IntField        0
unixSecs           UTCTimeField    None
packageSequence    IntField        0
SourceID           IntField        0

payload_guess

Possible sublayers: NetflowDataflowsetV9

post_build(pkt, pay)

class scapy.layers.netflow.NetflowOptionsFlowset10

Bases: scapy.layers.netflow.NetflowOptionsFlowsetV9

Netflow V10 (IPFix) Options Template FlowSet

aliastypes
extract_padding(s)
fields_desc
NetflowOptionsFlowset10 fields

flowSetID            ShortField         3
length               ShortField         None
templateID           ShortField         255
field_count          FieldLenField      None
scope_field_count    FieldLenField      None
scopes               PacketListField    []
options              PacketListField    []

class scapy.layers.netflow.NetflowOptionsFlowsetOptionV9

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
fields_desc
NetflowOptionsFlowsetOptionV9 fields

enterpriseBit        BitField (1 bit)          0
optionFieldType      BitEnumField (15 bits)    None
optionFieldlength    ShortField                0
enterpriseNumber     ShortField (Cond)         0

class scapy.layers.netflow.NetflowOptionsFlowsetScopeV9

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
fields_desc
NetflowOptionsFlowsetScopeV9 fields

scopeFieldType      ShortEnumField    None
scopeFieldlength    ShortField        0

class scapy.layers.netflow.NetflowOptionsFlowsetV9

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
extract_padding(s)
fields_desc
NetflowOptionsFlowsetV9 fields

flowSetID              ShortField         1
length                 ShortField         None
templateID             ShortField         255
option_scope_length    FieldLenField      None
option_field_length    FieldLenField      None
scopes                 PacketListField    []
options                PacketListField    []

payload_guess

Possible sublayers: NetflowDataflowsetV9

post_build(pkt, pay)

class scapy.layers.netflow.NetflowOptionsRecordOptionV9

Bases: scapy.layers.netflow.NetflowRecordV9

aliastypes
fields_desc
NetflowOptionsRecordOptionV9 fields

fieldValue    StrField    b''

class scapy.layers.netflow.NetflowOptionsRecordScopeV9

Bases: scapy.layers.netflow.NetflowRecordV9

aliastypes
fields_desc
NetflowOptionsRecordScopeV9 fields

fieldValue    StrField    b''

class scapy.layers.netflow.NetflowRecordV1

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowRecordV1 fields

ipsrc           IPField       '0.0.0.0'
ipdst           IPField       '0.0.0.0'
nexthop         IPField       '0.0.0.0'
inputIfIndex    ShortField    0
outpuIfIndex    ShortField    0
dpkts           IntField      0
dbytes          IntField      0
starttime       IntField      0
endtime         IntField      0
srcport         ShortField    0
dstport         ShortField    0
padding         ShortField    0
proto           ByteField     0
tos             ByteField     0
padding1        IntField      0
padding2        IntField      0

payload_guess

Possible sublayers: NetflowRecordV1

class scapy.layers.netflow.NetflowRecordV5

Bases: scapy.packet.Packet

aliastypes
fields_desc
NetflowRecordV5 fields

src         IPField                запол

class scapy.layers.netflow.NetflowRecordV9

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
fields_desc
NetflowRecordV9 fields

fieldValue    StrField    b''

class scapy.layers.netflow.NetflowSession(*args)

Bases: scapy.sessions.IPSession

A session used to defragment NetflowV9/10 packets on the flow. See help(scapy.layers.netflow) for more information.

on_packet_received(pkt)

class scapy.layers.netflow.NetflowTemplateFieldV9(*args, **kwargs)

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
fields_desc
NetflowTemplateFieldV9 fields

enterpriseBit       BitField (1 bit)          0
fieldType           BitEnumField (15 bits)    None
fieldLength         ShortField                0
enterpriseNumber    IntField (Cond)           0

class scapy.layers.netflow.NetflowTemplateV9

Bases: scapy.packet.Packet

aliastypes
default_payload_class(p)
fields_desc
NetflowTemplateV9 fields

templateID         ShortField         255
fieldCount         FieldLenField      None
template_fields    PacketListField    []

class scapy.layers.netflow.ShortOrInt(name, default)

Bases: scapy.fields.IntField

getfield(pkt, x)

scapy.layers.netflow.ipfix_defragment(*args, **kwargs)

Alias for netflowv9_defragment

scapy.layers.netflow.netflowv9_defragment(plist, verb=1)

Process all NetflowV9/10 packets to match the IDs of the DataFlowsets with the Headers

params:
  • plist: the list of mixed NetflowV9/10 packets.

  • verb: verbose print (0/1)