Last active
June 10, 2024 17:44
-
-
Save johnbumgarner/9594e36a31bf1e220838160c37bfc7d4 to your computer and use it in GitHub Desktop.
This function is designed to extract specific IPv6 elements from a PCAP packet.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import regex | |
| from typing import Union, Dict | |
| def extract_ipv6_information(packet) -> Union[Dict[str, Union[str, int]], None]: | |
| """ | |
| Extracts specific IPv6 elements from a PCAP packet. | |
| :param packet: PCAP packet | |
| :return: A dictionary containing extracted IPv6 information or None if not an IPv6 packet | |
| :rtype: Union[dict, None] | |
| """ | |
| try: | |
| if 'IPV6' in str(packet.layers): | |
| result = { | |
| 'source_address': packet.ipv6.src, | |
| 'destination_address': packet.ipv6.dst, | |
| 'next_header_info': regex.findall(r'(Next Header:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[1])) | |
| } | |
| if 'ICMPV6' in str(packet.layers): | |
| result['icmpv6_type'] = regex.search(r'(Type:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[2])) | |
| elif 'TCP' in str(packet.layers) or 'UDP' in str(packet.layers): | |
| protocol = packet.transport_layer | |
| result['protocol'] = protocol | |
| result['source_port'] = packet[protocol].srcport | |
| result['destination_port'] = packet[protocol].dstport | |
| return result | |
| except AttributeError: | |
| pass | |
| return None |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment