Reader
The Reader object extracts raw features from .pcap files that can be turned into Flow using the Preprocessor class.
class reader.Reader(verbose=False)
Reader object for extracting features from .pcap files

verbose
Boolean indicating whether to be verbose in reading
Type: boolean

Reader.__init__(verbose=False)
Reader object for extracting features from .pcap files
Parameters: verbose (boolean, default=False) – Boolean indicating whether to be verbose in reading
Read data
Reader provides the read() method which reads flow features from a .pcap file. This method automatically chooses the optimal available backend to use.
Reader.read(path)
Read TCP and UDP packets from .pcap file given by path. Automatically chooses the fastest available backend to use.
Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
- Filename of capture
- Protocol TCP/UDP
- TCP/UDP stream identifier
- Timestamp of packet
- Length of packet
- IP packet source
- IP packet destination
- TCP/UDP packet source port
- TCP/UDP packet destination port
- SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)
Warning
- Method throws warning if tshark is not available.
Custom Backend
Alternatively, you can choose your own backend using one of the following methods.
Reader.read_tshark(path)
Read TCP and UDP packets from file given by path using tshark backend
Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
- Filename of capture
- Protocol TCP/UDP
- TCP/UDP stream identifier
- Timestamp of packet
- Length of packet
- IP packet source
- IP packet destination
- TCP/UDP packet source port
- TCP/UDP packet destination port
- SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)

Reader.read_pyshark(path)
Read TCP and UDP packets from file given by path using pyshark backend
Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
- Filename of capture
- Protocol TCP/UDP
- TCP/UDP stream identifier
- Timestamp of packet
- Length of packet
- IP packet source
- IP packet destination
- TCP/UDP packet source port
- TCP/UDP packet destination port
- SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)
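
Added example (not part of the library or its documentation): one way to consume the per-packet rows that read(), read_tshark() and read_pyshark() return, grouping them into per-flow summaries. It assumes the columns appear in the order the feature list above gives them and that a missing certificate is None; the function summarize_flows, the COLUMNS tuple and the sample rows are constructed for illustration.

```python
from collections import defaultdict

# Assumption: column order follows the feature list in the documentation.
COLUMNS = ("filename", "protocol", "stream", "timestamp", "length",
           "src", "dst", "sport", "dport", "certificate")


def summarize_flows(packets):
    """Group packet rows into flows keyed by (filename, protocol, stream).

    The protocol is part of the key so that a TCP stream and a UDP stream
    carrying the same identifier are not merged into one flow.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "start": None,
                                 "end": None, "endpoints": None,
                                 "certificate": None})
    for row in packets:
        pkt = dict(zip(COLUMNS, row))
        ts = float(pkt["timestamp"])
        flow = flows[(pkt["filename"], pkt["protocol"], pkt["stream"])]
        flow["packets"] += 1
        flow["bytes"] += int(pkt["length"])
        flow["start"] = ts if flow["start"] is None else min(flow["start"], ts)
        flow["end"] = ts if flow["end"] is None else max(flow["end"], ts)
        # Direction-independent endpoint pair: both directions of a
        # conversation map to the same value.
        flow["endpoints"] = tuple(sorted([(pkt["src"], int(pkt["sport"])),
                                          (pkt["dst"], int(pkt["dport"]))]))
        # Only some packets carry a certificate; keep the first one seen.
        if flow["certificate"] is None and pkt["certificate"] is not None:
            flow["certificate"] = pkt["certificate"]
    return dict(flows)


# Constructed sample rows (not real capture data), one row per packet.
SAMPLE = [
    ("demo.pcap", "TCP", 0, 1.00, 74, "10.0.0.5", "192.0.2.10", 50000, 443, None),
    ("demo.pcap", "TCP", 0, 1.05, 1514, "192.0.2.10", "10.0.0.5", 443, 50000, "CERT"),
    ("demo.pcap", "UDP", 0, 1.10, 90, "10.0.0.5", "198.51.100.53", 40000, 53, None),
    ("demo.pcap", "TCP", 0, 1.20, 66, "10.0.0.5", "192.0.2.10", 50000, 443, None),
]

if __name__ == "__main__":
    for key, flow in summarize_flows(SAMPLE).items():
        print(key, flow)
```

The same function accepts the np.array returned by the Reader, since iterating over a two-dimensional array yields one row per packet.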