ICMP Chain¶
This module contains the ICMPChain flow analysis chain which can be used by PATHspider’s Observer for recording ICMPv4 [RFC792] and ICMPv6 [RFC4443] details.
-
pathspider.chains.icmp.ICMP4_TTLEXCEEDED= 11¶ ICMPv4 Message Type - TTL Exceeded
-
pathspider.chains.icmp.ICMP4_UNREACHABLE= 3¶ ICMPv4 Message Type - Unreachable
-
pathspider.chains.icmp.ICMP6_TTLEXCEEDED= 3¶ ICMPv6 Message Type - Time Exceeded
-
pathspider.chains.icmp.ICMP6_UNREACHABLE= 1¶ ICMPv6 Message Type - Unreachable
-
class
pathspider.chains.icmp.ICMPChain[source]¶ This flow analysis chain records details of ICMP messages in the flow record. It will record when a message of certain types have been seen during a flow.
Field Name Type Meaning icmp_unreachablebool An ICMP unreachable message was seen in the reverse direction -
icmp4(rec, ip, q, rev)[source]¶ Records ICMPv4 details.
- ICMPv4 Unreachable Messages
- Sets
icmp_unreachabletoTrueif an ICMP Unreachable message is seen in the reverse direction.
Parameters: - rec (dict) – the flow record
- ip (plt.ip) – the IPv4 packet that was observed to be part of this flow and contained an ICMPv4 header
- q (plt.ip) – the ICMP quotation of the packet that triggered this message (if any)
- rev (bool) –
Trueif the packet was in the reverse direction,Falseif in the forward direction
Returns: Falseif an ICMP unreachable message has been observed, otherwiseTrueReturn type: bool
-
icmp6(rec, ip6, q, rev)[source]¶ Records ICMPv6 details.
- ICMPv6 Unreachable Messages
- Sets
icmp_unreachabletoTrueif an ICMP Unreachable message is seen in the reverse direction.
Parameters: - rec (dict) – the flow record
- ip (plt.ip6) – the IPv6 packet that was observed to be part of this flow and contained an ICMPv6 header
- q (plt.ip) – the ICMP quotation of the packet that triggered this message (if any)
- rev (bool) –
Trueif the packet was in the reverse direction,Falseif in the forward direction
Returns: Falseif an ICMP unreachable message has been observed, otherwiseTrueReturn type: bool
-