Classes
There are several classes built into python-flowtuple. These include:
| Class | Description | libflowtuple equivalent |
|---|---|---|
| flowtuple.Handle | Entry point to module. Handles flowtuple file and gets records from it. | flowtuple_handle_t |
| flowtuple.Header | Header record. | flowtuple_header_t |
| flowtuple.Trailer | Trailer record. | flowtuple_trailer_t |
| flowtuple.Interval | Interval record. | flowtuple_interval_t |
| flowtuple.Class | Flowtuple class record. | flowtuple_class_t |
| flowtuple.Data | Flowtuple data record. | flowtuple_data_t |
| flowtuple.error | Exception class. | N/A |
The flowtuple.Handle type is the entry point to the library.
It reads the file and hands you each record as the correct type.
Gets the next record from the flowtuple.Handle object and returns one of flowtuple.Header, flowtuple.Trailer, flowtuple.Interval, flowtuple.Class, or flowtuple.Data, depending on the type of the next record in the file.
| Descriptor | Type | Description |
|---|---|---|
| uri | string | URI of the opened file. |
The flowtuple.Header type represents a header record in a flowtuple file.
| Descriptor | Type | Description |
|---|---|---|
| interval_length | integer | Length of intervals. |
| local_init_time | integer | Local initialization time of file. |
| plugins | list | List of plugin magics used. |
| traceuri | string | URI of the tracefile used to generate the flowtuple data. |
| version_major | integer | Major version number of corsaro used. |
| version_minor | integer | Minor version number of corsaro used. |
The flowtuple.Trailer type represents a trailer record in a flowtuple file.
| Descriptor | Type | Description |
|---|---|---|
| accepted_count | integer | Count of accepted packets. |
| dropped_count | integer | Count of dropped packets. |
| first_packet_time | integer | Time of first packet. |
| last_packet_time | integer | Time of final packet. |
| local_final_time | integer | Final time when corsaro exited. |
| packet_count | integer | Number of packets. |
| runtime | integer | Corsaro run time. |
The flowtuple.Interval type represents an interval record in a flowtuple file.
| Descriptor | Type | Description |
|---|---|---|
| number | integer | Interval number. |
| time | integer | Timestamp of record. |
The flowtuple.Class type represents a class record in a flowtuple file.
| Descriptor | Type | Description |
|---|---|---|
| class_type | integer | Class type (backscatter, icmpreq, other). |
| key_count | integer | Number of data records in class (start only). |
| magic | integer | Magic number in class. |
The flowtuple.Data type represents a data record in a flowtuple file.
Returns True if the destination IP address is stored in a slash eight format. This means that dest_ip will give you an integer in which the first eight bits are all set to 0.
| Descriptor | Type | Description |
|---|---|---|
| class_type | flowtuple.Class | Class start object. |
| dest_ip | integer | Destination IP address. |
| dest_port | integer | Destination port. |
| ip_len | integer | IP length. |
| number | integer | Data record number within class. |
| packet_count | integer | Number of packets. |
| protocol | integer | Protocol (TCP, UDP, ICMP, etc.). |
| src_ip | integer | Source IP address. |
| src_port | integer | Source port. |
| tcp_flags | integer | TCP flags. |
| ttl | integer | Time to live. |
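
An added example (not part of python-flowtuple or its documentation) showing how a consumer might render a data record's integer fields, including restoring the first octet of a dest_ip stored in slash eight format. It assumes the first octet sits in the most significant byte of the integer, that tcp_flags is the TCP header flag byte, and that the caller knows the monitored /8 prefix; SampleData, full_dest_ip, tcp_flag_names and describe are hypothetical names.

```python
import ipaddress
from collections import namedtuple

# Hypothetical stand-in for flowtuple.Data, using descriptor names from the table.
SampleData = namedtuple(
    "SampleData", "src_ip dest_ip src_port dest_port protocol tcp_flags packet_count")

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0..7


def full_dest_ip(dest_ip, slash_eight, first_octet):
    """Return dest_ip as dotted quad, restoring the /8 prefix when it was stripped."""
    if not 0 <= dest_ip <= 0xFFFFFFFF:
        raise ValueError("dest_ip is not a 32-bit value")
    if slash_eight:
        if dest_ip >> 24:
            raise ValueError("slash-eight record with non-zero first eight bits")
        if not 0 <= first_octet <= 0xFF:
            raise ValueError("first_octet must fit in one byte")
        dest_ip |= first_octet << 24  # assumption: first octet is the top byte
    return str(ipaddress.IPv4Address(dest_ip))


def tcp_flag_names(flags):
    """Decode the flag byte into names, lowest bit first."""
    return [name for bit, name in enumerate(TCP_FLAGS) if flags & (1 << bit)]


def describe(rec, slash_eight, first_octet):
    """One-line summary of a data record for triage output."""
    proto = PROTOCOLS.get(rec.protocol, str(rec.protocol))
    flags = "|".join(tcp_flag_names(rec.tcp_flags)) if rec.protocol == 6 else "-"
    return "%s:%d -> %s:%d %s %s pkts=%d" % (
        ipaddress.IPv4Address(rec.src_ip), rec.src_port,
        full_dest_ip(rec.dest_ip, slash_eight, first_octet), rec.dest_port,
        proto, flags, rec.packet_count)


# Constructed sample: SYN/ACK from a documentation-range source to a /8 address
# stored with its first octet zeroed.
SAMPLE = SampleData(int(ipaddress.IPv4Address("198.51.100.7")), 0x00010203,
                    80, 40000, 6, 0x12, 1)

if __name__ == "__main__":
    print(describe(SAMPLE, slash_eight=True, first_octet=10))
```

A slash-eight record whose top octet is not zero raises ValueError rather than being silently OR-ed with the prefix, so a mismatch between the flag and the stored value shows up during parsing.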