5.5. NetShark API v4.0 classes¶

This page documents the underlying classes that are used when connecting to a NetShark via API v4.x.

5.5.1. Capture Job Objects (v4)¶

class steelscript.netshark.core.Job4(shark, data)¶

A capture job packet source. These objects are normally not instantiated directly, but are instead obtained by calling NetShark.get_capture_jobs or NetShark.get_capture_job_by_name.

add_clip(filters, description, locked=True)¶

Create a new trace clip under this job.

filters limit which packets from the clip should go into this clip. Since all packets in the new clip will be kept on disk if the clip is locked, this field typically includes time filters to limit the clip to a fixed time interval.

description is a name for the clip, it is shown next to the clip in the Pilot user interface.

If locked is True, packets in the new clip will not be deleted from disk as long as the clip exists. Note that locking packets in trace clips necessarily reduces the amount of disk capacity for existing capture jobs.

Returns a trace clip object representing the new clip.

clear(restart=False)¶: Clear data in the NetShark appliance

classmethod create(shark, interface, name, packet_retention_size_limit, packet_retention_packet_limit=None, packet_retention_time_limit=None, bpf_filter=None, snap_length=65525, indexing_size_limit=None, indexing_synced=False, indexing_time_limit=None, start_immediately=True, requested_start_time=None, requested_stop_time=None, stop_rule_size_limit=None, stop_rule_packet_limit=None, stop_rule_time_limit=None)¶: Create a new capture job

delete()¶: Delete job from the NetShark appliance

download(path=None)¶: Download the Job packets to a path. If path is None packets will be exported to a temporary file. A file object that contains the packets is returned.

get(shark, id, name=None)¶

classmethod get_all(shark)¶

Get the complete list of capture jobs on given a NetShark.

netshark is an steelscript.netshark.core.netshark.NetShark object

Returns a list of CaptureJob objects

size_on_disk, keep_size, packet_start_time,: packet_end_time,

get_index_info()¶: Return statistics about the capture job index.

get_state()¶: Return the state of the job (e.g. RUNNING, STOPPED)

get_stats()¶: Return statistics about the capture job.

get_status()¶: Return status information about the capture job.

handle¶: The internal capture job handle. The handle is sometimes required for advanced operations on the job.

interface¶: an Interface object, representing the interface used as a packet source for this job.

is_live()¶: Can be used to determine if a source object is live or offline. The result is always False for a CaptureJob.

name¶: The capture job name

packet_end_time¶

packet_start_time¶

size_limit¶: The capture job maximum size, corresponding to the one shown by the NetShark UI shows.

size_on_disk¶: The capture job actual size, corresponding to the one shown by the NetShark UI shows.

source_options¶

source_path¶

start()¶: Start a job in the NetShark appliance

stop()¶: Stop a job in the NetShark appliance

update(data)¶: Update the data of the current object with new data from the server

5.5.2. Interface Objects (v4)¶

class steelscript.netshark.core.Interface4(shark, data)¶

A physical interface packet source, that can be used for live packet capture. Interface objects are normally not instantianted directly, but are instead obtained by calling steelscript.netshark.core.netshark.NetShark.get_interfaces() or steelscript.netshark.core.netshark.NetShark.get_interface_by_name().

description¶: The interface description.

classmethod get_all(shark)¶

is_live()¶: Can be used to determine if a source object is live or offline. The result is always True for an Interface4.

name¶: The interface device name.

source_options¶

source_path¶

update()¶: Update current object with the values from the server

5.5.3. Trace Clip Objects (v4)¶

Trace clip objects are used to work with trace clips. These objects are not instantiated directly but are returned from methods such as NetShark.get_clips().

class steelscript.netshark.core.Clip4(shark, data)¶

A trace clip packet source. These objects are returned by NetShark.get_clips.

Trace clip objects have the following properties:

description
size
add()
delete()
download()

These methods provide a way to obtain clip objects, though it is usually easier to use methods like NetShark.get_clips().

get_all()

Complete method and property descriptions:

classmethod add(shark, job, filters, description, locked=True)¶

Create a new clip given a NetShark connection and a job handle.

netshark is a NetShark object

description will be associated with the new clip. (The description is shown near the clip in grey in Pilot)

job is the capture job to use

filters is the list of filters to associate to the clip. In order for the clip to be valid, there must be at list one time filter in this list

Returns a trace clip object for the new clip.

delete()¶: Erase the clip from netshark

description¶: Returns the description of the clip

download(path=None)¶: Download the Clip packets to a file. If path is None packets will be exported to a temporary file. A file object that contains the packets is returned.

classmethod get_all(shark)¶

Get the complete list of trace files on given a NetShark.

netshark is an steelscript.netshark.core.netshark.NetShark object

Returns a list of TraceFile objects

locked(*args, **kwds)¶: Set or retrieve locked state of a clip

size¶: Returns the size of the clip

source_path¶: Return the path of a Clip used for the internal netshark representation