johnbumgarner/extract_conversation_header.py

## extract_conversation_header.py
# use with pyshark

import re as regex

def extract_conversation_header(packet):
    """
    This function is designed to extract the conversation header information
    from IPv4 or ICMPv6 packets.
    :param packet: PCAP packet
    :return: {protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}
    """
    try:
        if "IPv4" in str(packet.layers[0]) and hasattr(packet, 'tcp') or hasattr(packet, 'udp'):
            protocol = packet.transport_layer
            source_address = packet.ip.src
            destination_address = packet.ip.dst
            source_port = packet[packet.transport_layer].srcport
            destination_port = packet[packet.transport_layer].dstport
            return f'{protocol}  {source_address}:{source_port} --> {destination_address}:{destination_port}'
        elif "IPv6" in str(packet.layers[0]):
            if 'ICMPV6' in str(packet.layers):
                icmpv6_type_discovery = regex.search(r'(Type:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[2]))
                source_address = packet.ipv6.src
                destination_address = packet.ipv6.dst
                icmp_type = icmpv6_type_discovery.groups()[1]
                return f'{icmp_type} {source_address} --> {destination_address}'
            elif 'TCP' in str(packet.layers):
                protocol = packet.transport_layer
                source_address = packet.ipv6.src
                source_port = packet[packet.transport_layer].srcport
                destination_address = packet.ipv6.dst
                destination_port = packet[packet.transport_layer].dstport
                print(f'{protocol}  {source_address}:{source_port} --> {destination_address}:{destination_port}')
            elif 'UDP' in str(packet.layers):
                protocol = packet.transport_layer
                source_address = packet.ipv6.src
                source_port = packet[packet.transport_layer].srcport
                destination_address = packet.ipv6.dst
                destination_port = packet[packet.transport_layer].dstport
                return f'{protocol}  {source_address}:{source_port} --> {destination_address}:{destination_port}'
    except AttributeError as e:
        pass
	# use with pyshark

	import re as regex

	def extract_conversation_header(packet):
	"""
	This function is designed to extract the conversation header information
	from IPv4 or ICMPv6 packets.
	:param packet: PCAP packet
	:return: {protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}
	"""
	try:
	if "IPv4" in str(packet.layers[0]) and hasattr(packet, 'tcp') or hasattr(packet, 'udp'):
	protocol = packet.transport_layer
	source_address = packet.ip.src
	destination_address = packet.ip.dst
	source_port = packet[packet.transport_layer].srcport
	destination_port = packet[packet.transport_layer].dstport
	return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'
	elif "IPv6" in str(packet.layers[0]):
	if 'ICMPV6' in str(packet.layers):
	icmpv6_type_discovery = regex.search(r'(Type:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[2]))
	source_address = packet.ipv6.src
	destination_address = packet.ipv6.dst
	icmp_type = icmpv6_type_discovery.groups()[1]
	return f'{icmp_type} {source_address} --> {destination_address}'
	elif 'TCP' in str(packet.layers):
	protocol = packet.transport_layer
	source_address = packet.ipv6.src
	source_port = packet[packet.transport_layer].srcport
	destination_address = packet.ipv6.dst
	destination_port = packet[packet.transport_layer].dstport
	print(f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}')
	elif 'UDP' in str(packet.layers):
	protocol = packet.transport_layer
	source_address = packet.ipv6.src
	source_port = packet[packet.transport_layer].srcport
	destination_address = packet.ipv6.dst
	destination_port = packet[packet.transport_layer].dstport
	return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'
	except AttributeError as e:
	pass