Reader

The Reader object extracts raw features from .pcap files, which can then be turned into Flow objects using the Preprocessor class.

class reader.Reader(verbose=False)

Reader object for extracting features from .pcap files

verbose

Boolean indicating whether to be verbose in reading

Type: boolean

Reader.__init__(verbose=False)

Reader object for extracting features from .pcap files

Parameters: verbose (boolean, default=False) – Boolean indicating whether to be verbose in reading

Read data

Reader provides the read() method which reads flow features from a .pcap file. This method automatically chooses the optimal available backend to use.

Reader.read(path)

Read TCP and UDP packets from the .pcap file given by path. Automatically chooses the fastest available backend to use.

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)

Warning

Method throws a warning if tshark is not available.
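The sketch below is an added example, not part of the library: it shows how rows in the documented 10-feature layout can be aggregated into per-flow summaries (packet count, bytes, time span, endpoints, certificates seen). The column constant names, the function name, the sample rows and the value representations (protocol as a string, numeric timestamp) are assumptions made for illustration.

```python
from collections import defaultdict

# 0-based column positions, in the order of the feature list documented above.
# The constant names are assumptions of this example, not library identifiers.
FILE, PROTO, STREAM, TS, LENGTH, SRC, DST, SPORT, DPORT, CERT = range(10)

def summarise_flows(packets):
    """Aggregate per-packet rows into per-flow summaries."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None,
                                 "last": None, "endpoints": set(), "certs": set()})
    for i, row in enumerate(packets):
        if len(row) != 10:
            raise ValueError(f"row {i}: expected 10 features, got {len(row)}")
        # Key on capture and protocol as well as stream id, so identifiers that
        # repeat across captures or between TCP and UDP are not merged.
        flow = flows[(str(row[FILE]), str(row[PROTO]), str(row[STREAM]))]
        ts = float(row[TS])  # assumption: timestamp is numeric or a numeric string
        flow["packets"] += 1
        flow["bytes"] += int(row[LENGTH])
        flow["first"] = ts if flow["first"] is None else min(flow["first"], ts)
        flow["last"] = ts if flow["last"] is None else max(flow["last"], ts)
        # Sort the two (address, port) endpoints so both directions compare equal.
        a, b = (str(row[SRC]), int(row[SPORT])), (str(row[DST]), int(row[DPORT]))
        flow["endpoints"].add(tuple(sorted([a, b])))
        if row[CERT] is not None:  # feature 10 is None when no certificate exists
            flow["certs"].add(row[CERT])
    return dict(flows)

# Constructed sample rows (documentation address ranges, placeholder certificate).
SAMPLE = [
    ("example.pcap", "TCP", 0, 1.00, 74, "192.0.2.10", "198.51.100.5", 50000, 443, None),
    ("example.pcap", "TCP", 0, 1.05, 1500, "198.51.100.5", "192.0.2.10", 443, 50000,
     "CONSTRUCTED-CERT"),
    ("example.pcap", "TCP", 0, 1.20, 60, "192.0.2.10", "198.51.100.5", 50000, 443, None),
    ("example.pcap", "UDP", 0, 2.00, 90, "192.0.2.10", "198.51.100.53", 53000, 53, None),
]

if __name__ == "__main__":
    for key, flow in summarise_flows(SAMPLE).items():
        print(key, flow["packets"], flow["bytes"], sorted(flow["certs"]))
```
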

Custom Backend

Alternatively, you can choose your own backend using one of the following methods.

Reader.read_tshark(path)

Read TCP and UDP packets from file given by path using tshark backend

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)

Reader.read_pyshark(path)

Read TCP and UDP packets from file given by path using pyshark backend

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)