johnbumgarner/extract_conversation_header.py

## extract_conversation_header.py
import re as regex
from typing import Union

def extract_conversation_header(packet) -> Union[str, None]:
    """
    Extracts the conversation header information from IPv4 or ICMPv6 packets.

    :param packet: PCAP packet
    :return: A string representing the conversation header, or None if not applicable.
    """
    try:
        if "IPv4" in str(packet.layers[0]) and (hasattr(packet, 'tcp') or hasattr(packet, 'udp')):
            protocol = packet.transport_layer
            source_address = packet.ip.src
            destination_address = packet.ip.dst
            source_port = packet[protocol].srcport
            destination_port = packet[protocol].dstport
            return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'

        elif "IPv6" in str(packet.layers[0]):
            source_address = packet.ipv6.src
            destination_address = packet.ipv6.dst

            if 'ICMPV6' in str(packet.layers):
                icmpv6_type_discovery = regex.search(r'(Type:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[2]))
                if icmpv6_type_discovery:
                    icmp_type = icmpv6_type_discovery.groups()[1]
                    return f'{icmp_type} {source_address} --> {destination_address}'

            elif 'TCP' in str(packet.layers) or 'UDP' in str(packet.layers):
                protocol = packet.transport_layer
                source_port = packet[protocol].srcport
                destination_port = packet[protocol].dstport
                return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'

    except AttributeError:
        pass

    return None
	import re as regex
	from typing import Union

	def extract_conversation_header(packet) -> Union[str, None]:
	"""
	Extracts the conversation header information from IPv4 or ICMPv6 packets.

	:param packet: PCAP packet
	:return: A string representing the conversation header, or None if not applicable.
	"""
	try:
	if "IPv4" in str(packet.layers[0]) and (hasattr(packet, 'tcp') or hasattr(packet, 'udp')):
	protocol = packet.transport_layer
	source_address = packet.ip.src
	destination_address = packet.ip.dst
	source_port = packet[protocol].srcport
	destination_port = packet[protocol].dstport
	return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'

	elif "IPv6" in str(packet.layers[0]):
	source_address = packet.ipv6.src
	destination_address = packet.ipv6.dst

	if 'ICMPV6' in str(packet.layers):
	icmpv6_type_discovery = regex.search(r'(Type:)\s(\w.+)\s(\W\d{0,3}\W)', str(packet.layers[2]))
	if icmpv6_type_discovery:
	icmp_type = icmpv6_type_discovery.groups()[1]
	return f'{icmp_type} {source_address} --> {destination_address}'

	elif 'TCP' in str(packet.layers) or 'UDP' in str(packet.layers):
	protocol = packet.transport_layer
	source_port = packet[protocol].srcport
	destination_port = packet[protocol].dstport
	return f'{protocol} {source_address}:{source_port} --> {destination_address}:{destination_port}'

	except AttributeError:
	pass

	return None