TCP Options Chain¶

This module contains the TCPOptChain flow analysis chain which can be used by PATHspider’s Observer for recording the presentent of the TCP TS, WS, and SACK options.

class pathspider.chains.tcpopt.TCPOptChain[source]¶

This flow analysis chain records details of the TCP Maximum Segment Size (MSS) option in the flow record. It will determine the length and value of the field if present in SYN packets.

Field Name	Type	Meaning
`tcpopt_ts`	bool	Indicates if the timestamp option is present in the SYN/ACK.
`tcpopt_ws`	bool	Indicates if the Window Scaling option is present in the SYN/ACK.
`tcpopt_sack`	bool	Indicates if the Sack option is present in the SYN/ACK.

new_flow(rec, ip)[source]¶

For a new flow, all fields will be initialised to None.

Parameters:	rec (dict) – the flow record ip (plt.ip or plt.ip6) – the IP or IPv6 packet that triggered the creation of a new flow record
Returns:	Always `True`
Return type:	bool

tcp(rec, tcp, rev)[source]¶

Records if TCP option (TS, WS, SACK) are present in the SYN/ACK.

Parameters:	rec (dict) – the flow record tcp – the TCP segment that was observed to be part of this flow rev (bool) – True if the packet was in the reverse direction, False if in the forward direction
Returns:	Always True
Return type:	bool

Previous topic

Next topic

This Page

TCP Options Chain¶