Link Search Menu Expand Document


pcapml_fe exposes a simple iterator over a sorted pcapml encoded dataset. The iterator can return raw bytes, scapy packets or dpkt packets. The iterator contains all of the information about a single traffic sample, including the sampleID, the metadata associated with the traffic, the raw packet buffers, and the timestamps associated with each raw packet.

Below is a full example (source available here) of loading and iterating over the pcapml encoded DTLS dataset available for download

Note: The third import provides helpers that can read raw bytes into dpkt or scapy Ethernet frames (dpkt_readEther and scapy_readEther, respectively). The helpers are not strictly necessary to parse pcapML files.

import argparse
import pcapml_fe
from pcapml_fe_helpers import *

def main():
    Reads a pcapng file labeled and sorted with pcapml, presenting traffic samples to 
    the user for features to be extracted from. To test the method on a new dataset
    the only needed change is to load in a different dataset
    parser = argparse.ArgumentParser()
    args = parser.parse_args()
    for traffic_sample in pcapml_fe.sampler(args.pcapml_dataset):

def extract_info(traffic_sample):
    Each sample contains the sampleID, metadata and a list of packets 
    with their associated timestamps
    print("Sample ID:", traffic_sample.sid)
    print("Sample metadata:", traffic_sample.metadata)
    iterating over the traffic sample (packets and timestamps)
    for pkt in traffic_sample.packets:
        # Print packet timestamp and raw bytes
        print(pkt.ts, pkt.raw_bytes)

        dpacket = dpkt_readEther(pkt.raw_bytes)

        spacket = scapy_readEther(pkt.raw_bytes)

if __name__ == '__main__':