Packet Decoding Functions¶
sth::packet_decode¶
Purpose¶
Decodes captured packets from a specified packet capture file
Synopsis¶
Note
M indicates that the argument is Mandatory .
sth::packet_decode [-open_captured_file <files>] [-frame_decode_type {contents | l2encap | hdr_fields}] [-protocol_field {ipv4 | ethernet_2 | ethernet_2_vlan | ipv6 }] [-header_field_types -protocol_field ipv4 {version | tos_reliability | tos_unused | ds_codepoint | ds_unused | tot_len | identification | flags | fragment_offset | ttl | protocol | header_checksum | source_address | destination_address | destination_address | source_address | ether_type} -protocol_field ethernet_2 {destination_address | source_address | ether_type} -protocol_field ethernet_2_vlan {destination_address | source_address | vlan_tag_type | vlan_user_priority | vlan_cfi | vlan_id | ether_type} -protocol_field ipv6 {version | traffic_class flow_label | payload_length | next_header | hop_limit source_address | destination_address}]
Arguments¶
-
-open_captured_file¶ Specifies a previously saved capture file you want to decode
-
-frame_decode_type¶ Specifies the method to decode individual frames, when a packet set is retrieved. Possible value are:
contents Decodes data bytes for individual frames. The returned value is a list of decimals which are octets extracted from a particular capture packet. l2encap Identifies link layer frame encapsulations from individual frames. The encapsulation types are listed below:: l2_ethernet_dix Ethernet II l2_ethernet_dix_vlan Ethernet II, with VLAN tags l2_ethernet_sap 802.3 SAP l2_ethernet_sap_vlan 802.3 SAP, with VLAN tags l2_ethernet_snap 802.3 LLC SNAP l2_ethernet_snap_vlan 802.3 LLC SNAP, with VLAN tags l2_ethernet_dix_ppp PPPoE l2_ethernet_dix_ppp_vlan PPPoE, with VLAN tags l2_ethernet_sap_jumbo 802.3 SAP jumbo size (frames longer than 9,022 bytes) l2_ethernet_sap_jumbo_vlan 802.3 SAP jumbo size with VLAN tags l2_ethernet_snap_jumbo 802.3 LLC SNAP jumbo size l2_ethernet_snap_jumbo_vlan 802.3 LLC SNAP jumbo size with VLAN tags l2_unknown An unrecognized Layer 2 encapsulation hdr_fields Decodes the protocol bytes as specified by header fields. If this option is used, you must also specify -protocol_field and header_field_types.
-
-protocol_field¶ Specifies the protocol under header fields. Possible values are ipv4, ethernet_2, ethernet_2_vlan and ipv6. Each protocol has its own set of fields. See -header_field_types.
-
-header_field_types¶ Specifies the header field values corresponding to the protocol. When -protocol_field is set to ipv4, the following fields are available:
version IP version hlen Header length tos_precedence TOS precedence tos_value TOS value tos_delay TOS delay tos_throughput TOS throughput tos_reliability TOS Reliability tos_unused TOS unused ds_codepoint Differentiated Services (DS) Code Point ds_unused DS unused tot_len Total length identification Identification flags Flags fragment_offset Fragment offset ttl TTL protocol Protocol header_checksum Header checksum source_address Source address destination_address Destination address
When -protocol_field is set to ethernet_2, the following fields are available:
ether_type Ethernet type destination_address Destination address source_address Source addressWhen -protocol_field is set to ethernet_2_vlan, the following fields are available:
destination_address Destination address source_address Source address ether_type Ethernet type vlan_tag_type VLAN tag type vlan_user_priority VLAN user priority vlan_cfi VLAN CFI vlan_id VLAN ID
When -protocol_field is set to ipv6, the following fields are available:
version IP version traffic_class Traffic class flow_label Flow label payload_length Payload length next_header Next header hop_limit Hop limit destination_address Destination address source_address Source address
Return Values¶
Depending on the specific language that HLTAPI uses, the function returns a keyed list/dictionary/hash (See Introduction for more information on return value formats) using the following keys (with corresponding data):
contents A list of decimals which are octets extracted from
a particular capture packet
l2encap Identifies link layer frame encapsulations
hdr_fields A list of header fields, in octets, specified by
-header_field_types
status Success (1) or failure (0) of the operation
log An error message (if the operation failed)
Description¶
The sth::packet_decode function decodes the captured packets by the specified
criteria. The supported file formats include pcap, pcapnp, cap,
cap.gz, etc.
Note
Tshark is required for the function. Refer to the Spirent TestCenter HLTAPI Release Note for detailed information on supported software applications and versions.
Examples The following example decodes individual frames in data bytes:
sth::packet_decode -open_captured_file "C:/temp/default.cap"\
-frame_decode_type contents
Sample Output:
{status 1} {log {}} {contents {{0 {0 17 34 51 68 102 0 17 34 51 68 85 1 238 254 224 0
0 0 0 0 0 0 0 0 0 0 254 94 149 55 110 81 124 42 141 99 5 33 8 228 217 102 183 128 85
157 48 193 135 57}} {1 {0 17 34 51 68 102 0 17 34 51 68 85 1 238 254 224 1 254 94 149
55 108 81 124 42 141 99 5 46 142 18 221 102 179 4 210 221 65 31 19 157}}}}
The following example decodes the capture packets by the specified header fields:
sth::packet_decode \
-open_captured_file "C:/temp/default.cap"\
-frame_decode_type hdr_fields \
-header_field_types "destination_address source_address"\
-protocol_field "ipv4"
Sample Output:
{status 1} {log {}} {hdr_fields {{0 {{source_address {}} {destination_address {}}}}
{1 {{source_address {192 85 1 2}} {destination_address {192 0 0 1}}}}}}