Reader

The Reader object extracts raw features from .pcap files; these features can be turned into Flow objects using the Preprocessor class.

class reader.Reader(verbose=False)

Reader object for extracting features from .pcap files

verbose

Boolean indicating whether to be verbose in reading

Type: boolean

Reader.__init__(verbose=False)

Reader object for extracting features from .pcap files

Parameters: verbose (boolean, default=False) – Boolean indicating whether to be verbose in reading

Read data

Reader provides the read() method which reads flow features from a .pcap file. This method automatically chooses the optimal available backend to use.

Reader.read(path)

Read TCP and UDP packets from the .pcap file given by path. Automatically chooses the fastest available backend to use.

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)

Warning

This method issues a warning if tshark is not available.

Custom Backend

Alternatively, you can choose your own backend using one of the following methods.

Reader.read_tshark(path)

Read TCP and UDP packets from file given by path using tshark backend

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)

Reader.read_pyshark(path)

Read TCP and UDP packets from file given by path using pyshark backend

Parameters: path (string) – Path to .pcap file to read.
Returns: result – Where features consist of:
  1. Filename of capture
  2. Protocol TCP/UDP
  3. TCP/UDP stream identifier
  4. Timestamp of packet
  5. Length of packet
  6. IP packet source
  7. IP packet destination
  8. TCP/UDP packet source port
  9. TCP/UDP packet destination port
  10. SSL/TLS certificate if exists, else None
Return type: np.array of shape=(n_packets, n_features)
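
The following is an added example, not code from the library documented here. It shows how to consume the row layout returned by read(), read_tshark() and read_pyshark() by grouping packets per capture, protocol and stream identifier. The sample rows are constructed, `summarize_streams` is a hypothetical helper, and the grouping key rests on the assumption that a stream identifier is only meaningful together with its filename and protocol.

```python
# Column positions within each row, in the order documented above.
(FILENAME, PROTOCOL, STREAM, TIMESTAMP, LENGTH,
 SRC_IP, DST_IP, SRC_PORT, DST_PORT, CERTIFICATE) = range(10)

# Constructed sample rows in that column order (not real capture data).
# Values are given as strings to show the conversions; None means no certificate.
SAMPLE = [
    ["a.pcap", "TCP", "0", "1.00", "74", "192.0.2.10", "198.51.100.5", "50000", "443", None],
    ["a.pcap", "TCP", "0", "1.05", "1500", "198.51.100.5", "192.0.2.10", "443", "50000", "EXAMPLE-CERT"],
    ["a.pcap", "UDP", "0", "1.10", "80", "192.0.2.10", "198.51.100.53", "40000", "53", None],
    ["a.pcap", "TCP", "0", "1.20", "60", "192.0.2.10", "198.51.100.5", "50000", "443", None],
]


def summarize_streams(packets):
    """Hypothetical helper: one summary per (capture, protocol, stream)."""
    streams = {}
    for row in packets:
        if len(row) != 10:
            raise ValueError("expected 10 features per packet, got %d" % len(row))
        # Assumption: a stream identifier is only meaningful together with
        # the capture file and protocol, so all three form the key.
        key = (row[FILENAME], row[PROTOCOL], row[STREAM])
        ts, size = float(row[TIMESTAMP]), int(row[LENGTH])
        if key not in streams:
            # Endpoints are taken from the first packet seen for the stream;
            # packets in the reverse direction have source/destination swapped.
            streams[key] = {
                "src": (row[SRC_IP], int(row[SRC_PORT])),
                "dst": (row[DST_IP], int(row[DST_PORT])),
                "packets": 0, "bytes": 0, "start": ts, "end": ts,
                "certificates": set(),
            }
        s = streams[key]
        s["packets"] += 1
        s["bytes"] += size
        s["start"], s["end"] = min(s["start"], ts), max(s["end"], ts)
        if row[CERTIFICATE] is not None:
            s["certificates"].add(row[CERTIFICATE])
    return streams


if __name__ == "__main__":
    for key, summary in summarize_streams(SAMPLE).items():
        print(key, summary)
```

The helper iterates over rows, so it accepts a list of lists as well as a two-dimensional array.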