arush15june/pcap_detect.py

## pcap_detect.py
from binascii import unhexlify

PCAPNG_MAGIC = unhexlify('0a0d0d0a')
PCAP_MAGIC_BIG_ENDIAN_MICROSEND = unhexlify('a1b2c3d4')
PCAP_MAGIC_LITTLE_ENDIAN_MICROSECOND = unhexlify('d4c3b2a1')
PCAP_MAGIC_BIG_ENDIAN_NANOSECOND = unhexlify('a1b23c4d')
PCAP_MAGIC_LITTLE_ENDIAN_NANOSECOND = unhexlify('4d3cb2a1')

PACKET_CAPTURE_MAGICS = [
    PCAPNG_MAGIC,
    PCAP_MAGIC_BIG_ENDIAN_MICROSEND,
    PCAP_MAGIC_LITTLE_ENDIAN_MICROSECOND,
    PCAP_MAGIC_BIG_ENDIAN_NANOSECOND,
    PCAP_MAGIC_LITTLE_ENDIAN_NANOSECOND
]

def is_packet_capture(filepath: os.PathLike) -> bool:
    """Verify if filepath is a packet capture.
    """
    FIRST_BYTES = 4

    for magic in PACKET_CAPTURE_MAGICS:
        with open(filepath, 'rb') as f:
            first_four_bytes = f.read(FIRST_BYTES)
            if magic == first_four_bytes:
                return True
	from binascii import unhexlify

	PCAPNG_MAGIC = unhexlify('0a0d0d0a')
	PCAP_MAGIC_BIG_ENDIAN_MICROSEND = unhexlify('a1b2c3d4')
	PCAP_MAGIC_LITTLE_ENDIAN_MICROSECOND = unhexlify('d4c3b2a1')
	PCAP_MAGIC_BIG_ENDIAN_NANOSECOND = unhexlify('a1b23c4d')
	PCAP_MAGIC_LITTLE_ENDIAN_NANOSECOND = unhexlify('4d3cb2a1')

	PACKET_CAPTURE_MAGICS = [
	PCAPNG_MAGIC,
	PCAP_MAGIC_BIG_ENDIAN_MICROSEND,
	PCAP_MAGIC_LITTLE_ENDIAN_MICROSECOND,
	PCAP_MAGIC_BIG_ENDIAN_NANOSECOND,
	PCAP_MAGIC_LITTLE_ENDIAN_NANOSECOND
	]

	def is_packet_capture(filepath: os.PathLike) -> bool:
	"""Verify if filepath is a packet capture.
	"""
	FIRST_BYTES = 4

	for magic in PACKET_CAPTURE_MAGICS:
	with open(filepath, 'rb') as f:
	first_four_bytes = f.read(FIRST_BYTES)
	if magic == first_four_bytes:
	return True