def collect_unique_values_from_single_layer_array(layer_array):
    """
    Build a per-field index of every distinct value seen across a list of layers.

    Each value is converted with str() before it is stored, so two values
    whose string forms are equal are recorded once.

    Args:
        layer_array: an array of layer objects (pyshark.packet.layer.Layer)

    Returns:
        A dictionary mapping each field name to the set of stringified values
        observed for that field across the array,
        i.e. {"tcp.window_size": {"4099", "6144"}}.
        None when layer_array is None or empty; callers must handle None
        rather than expect an empty dictionary.
    """
    if not layer_array:
        return None

    unique_by_field = {}
    for packet_layer in layer_array:
        # Reads the layer's private "_all_fields" mapping straight from the
        # instance __dict__, so this depends on that attribute being present.
        all_fields = packet_layer.__dict__["_all_fields"]
        for name in all_fields:
            as_text = str(all_fields[name])
            # setdefault creates the set on first sight of a field; set.add
            # already ignores duplicates, so no membership test is needed.
            unique_by_field.setdefault(name, set()).add(as_text)
    return unique_by_field
def layer_has_field_with_matching_value(layer, value):
    """
    Report whether any field of the layer is exactly equal to the given value.

    Args:
        layer: the pyshark layer object whose fields are searched
        value: the value being searched for

    Returns:
        True if value compares equal (==) to the value of at least one field
        in the layer; False otherwise, including when layer or value is
        falsy (None, "", 0, ...).
    """
    if not (layer and value):
        return False

    # Reads the layer's private "_all_fields" mapping from the instance __dict__.
    all_fields = layer.__dict__["_all_fields"]
    # The comparison is plain ==, with no type coercion.
    # NOTE(review): if field values are strings, a non-string value never
    # matches and this silently returns False - confirm callers pass strings.
    return any(value == all_fields[name] for name in all_fields)
def layer_has_field_containing_value(layer, value):
    """
    Report whether any field of the layer contains the given value.

    The test is containment (the `in` operator), not equality, so a partial
    match is enough: "20" is contained in "13203". Because short values match
    inside longer, unrelated ones, use layer_has_field_with_matching_value
    when an exact match is what is meant.

    Args:
        layer: the pyshark layer object whose fields are searched
        value: the value being searched for

    Returns:
        True if value is contained in the value of at least one field in the
        layer; False otherwise, including when layer or value is falsy
        (None, "", 0, ...).
    """
    if not (layer and value):
        return False

    # Reads the layer's private "_all_fields" mapping from the instance __dict__.
    all_fields = layer.__dict__["_all_fields"]
    # NOTE(review): `in` against a string field raises TypeError when value is
    # not itself a string - confirm callers always pass strings.
    return any(value in all_fields[name] for name in all_fields)