wltrace.peektagged module

Omnipeek peek-tagged packet trace parser.

Peek-tagged file contains several sections:

  • 0x7fver: Omnipeek software version information.
  • sess: Session information, include total packet number.
  • pkts: Packets.

Each section starts with a fixed-sized section header, then variable sized payloads. The format is documented here: http://varsanofiev.com/inside/airopeekv9.htm

class wltrace.peektagged.PeektaggedCapture(path, *args, **kwargs)[source]

Bases: wltrace.common.WlTrace

Peek-tagged capture file.

Here we know the total number of packets beforehand from the “sess” section. So this class has an extra total_packets attribute.

exception wltrace.peektagged.PeektaggedException[source]

Bases: exceptions.Exception

class wltrace.peektagged.PeektaggedPacketHeader(fh, *args, **kwargs)[source]

Bases: object

Per packet header.

This is peek-tagged format’s specific way to convey PHY layer information in packet trace.

TAGS = {0: ('len', '<I'), 1: ('ts_low', '<I'), 2: ('ts_high', '<I'), 3: ('flags', '<I'), 4: ('channel', '<I'), 5: ('rate', '<I'), 6: ('signal_level', '<I'), 7: ('signal', '<i'), 8: ('noise_level', '<I'), 9: ('noise', '<i'), 13: ('freq_mhz', '<I'), 21: ('ext_flags', '<I'), 65535: ('caplen', '<I')}
to_phy()[source]

Convert this to the standard pyparser.capture.common.PhyInfo class.

class wltrace.peektagged.PeektaggedSectionHeader(fh, *args, **kwargs)[source]

Bases: wltrace.common.GenericHeader

Peek-tagged section header.

Parameters:
  • fh (file object) – file to be read.
  • load_payload (bool) – whether or not read the payload from the file. By default, it is False. For small sections, such as “0x7fver”, “sess”, it is no big deal. But for “pkts” section, which can be huge, we do not want to load the entire section at once.
FIELDS = ['tag', 'len', 'pad']
PACK_PATTERN = '<4sII'