UDP Chain¶
This module contains the UDPChain flow analysis chain which can be used by PATHspider’s Observer for recording UDP details.
-
class
pathspider.chains.udp.
UDPChain
[source]¶ Field Name Type Meaning udp_zero_checksum_fwd
bool True if the last packet in the flow in the forward direction had the UDP checksum disabled (set to zero). udp_zero_checksum_rev
bool True if the last packet in the flow in the reverse direction had the UDP checksum disabled (set to zero). -
new_flow
(rec, ip)[source]¶ For a new flow, all fields will be initialised to
None
.Parameters: - rec (dict) – the flow record
- ip (plt.ip or plt.ip6) – the IP or IPv6 packet that triggered the creation of a new flow record
Returns: Always
True
Return type: bool
-
udp
(rec, udp, rev)[source]¶ Records details from UDP datagram about the UDP header.
Parameters: - rec (dict) – the flow record
- tcp – the UDP packet that was observed to be part of this flow
- rev (bool) –
True
if the packet was in the reverse direction,False
if in the forward direction
Returns: Always
True
Return type: bool
-