Class: Packet
The Packet object represents a single captured network packet and its
associated metadata. It describes where the packet came from, how it is stored
or encoded, and how it can be located within a capture file or stream. This
object does not interpret protocol content; it only represents the captured
packet data and its positioning information.
URI: ocsf:Packet
classDiagram
class Packet
click Packet href "../Packet/"
Object <|-- Packet
click Object href "../Object/"
Packet : encoding
Packet : encoding_id
Packet --> "0..1 _recommended_" PacketEncodingIdEnum : encoding_id
click PacketEncodingIdEnum href "../PacketEncodingIdEnum/"
Packet : end_offset
Packet : format
Packet : format_id
Packet --> "0..1 _recommended_" PacketFormatIdEnum : format_id
click PacketFormatIdEnum href "../PacketFormatIdEnum/"
Packet : sequence_number
Packet : source
Packet : source_id
Packet --> "0..1 _recommended_" PacketSourceIdEnum : source_id
click PacketSourceIdEnum href "../PacketSourceIdEnum/"
Packet : start_offset
Packet : value
Inheritance
- OcsfObject
  - Object
    - Packet
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| encoding | 0..1 String | The human-readable name of the encoding used to represent the packet data in the <code>value</code> field | direct |
| encoding_id | 0..1 recommended PacketEncodingIdEnum | The normalized identifier of the encoding method used to represent the packet data as a string | direct |
| end_offset | 0..1 Integer | The ending byte position of this packet within a capture file or stream | direct |
| format | 0..1 String | The human-readable name of the packet capture file format in which the packet is stored | direct |
| format_id | 0..1 recommended PacketFormatIdEnum | The normalized identifier of the packet capture format | direct |
| sequence_number | 0..1 Integer | The relative order number of this packet within its capture context (such as ... | direct |
| source | 0..1 String | The human-readable name describing how or where the packet was obtained | direct |
| source_id | 0..1 recommended PacketSourceIdEnum | A normalized numeric identifier that specifies how the packet was obtained or generated | direct |
| start_offset | 0..1 Integer | The starting byte position of this packet within a capture file or stream | direct |
| value | 1 String | The actual packet data, represented as a string | direct |
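A consumer-side check for this object, as an added example that is not part of the OCSF schema or of this page: it validates the required value slot and the offsets, then decodes value according to the encoding caption and refuses to guess when the encoding is unknown or is 99 (Other). The caption strings used as keys, the size cap, the function name and the sample record are assumptions; the page names Base64, Hexadecimal and URL Encoded but does not list their encoding_id numbers.

```python
import base64
import binascii
from urllib.parse import unquote_to_bytes

# Assumed cap on decoded size; the schema itself sets no limit.
MAX_PACKET_BYTES = 256 * 1024

# Keyed on the lower-cased `encoding` caption. The exact caption strings are
# assumptions: the page names the encodings but not their encoding_id values.
DECODERS = {
    "base64": lambda s: base64.b64decode(s, validate=True),  # strict alphabet
    "hexadecimal": bytes.fromhex,
    "url encoded": unquote_to_bytes,  # lenient: malformed %XX is kept literally
}


def decode_packet(pkt: dict) -> bytes:
    """Validate an OCSF Packet dict and return the raw packet bytes."""
    value = pkt.get("value")
    if not isinstance(value, str) or not value:
        raise ValueError("value is required and must be a non-empty string")
    start, end = pkt.get("start_offset"), pkt.get("end_offset")
    for name, off in (("start_offset", start), ("end_offset", end)):
        if off is not None and (isinstance(off, bool) or not isinstance(off, int) or off < 0):
            raise ValueError(f"{name} must be a non-negative integer")
    if start is not None and end is not None and end < start:
        raise ValueError("end_offset precedes start_offset")
    if pkt.get("encoding_id") == 99:  # 99 (Other): source-specific encoding
        raise ValueError(f"source-specific encoding {pkt.get('encoding')!r}; not decoded")
    decoder = DECODERS.get(str(pkt.get("encoding", "")).strip().lower())
    if decoder is None:
        raise ValueError("unknown or missing encoding; refusing to guess")
    try:
        raw = decoder(value)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"value does not match declared encoding: {exc}") from None
    if len(raw) > MAX_PACKET_BYTES:
        raise ValueError("decoded packet exceeds size cap")
    return raw


# Constructed sample: the 14-byte Ethernet header of a broadcast ARP frame.
SAMPLE = {"encoding": "Hexadecimal", "value": "ffffffffffff0242ac1100020806",
          "start_offset": 24, "end_offset": 38, "sequence_number": 1}
```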
Usages
| used by | used in | type | used |
|---|---|---|---|
| NetworkEvent | packet_list | range | Packet |
| DhcpActivity | packet_list | range | Packet |
| DnsActivity | packet_list | range | Packet |
| FtpActivity | packet_list | range | Packet |
| HttpActivity | packet_list | range | Packet |
| NetworkActivity | packet_list | range | Packet |
| NetworkFileActivity | packet_list | range | Packet |
| NtpActivity | packet_list | range | Packet |
| RdpActivity | packet_list | range | Packet |
| SmbActivity | packet_list | range | Packet |
| SshActivity | packet_list | range | Packet |
| TunnelActivity | packet_list | range | Packet |
In Subsets
Aliases
- Packet
See Also
- https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/
Notes
- D3FEND™ Ontology d3f:NetworkPacket. — https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/
- D3FEND™ Ontology d3f:PacketCaptureFile. — https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/
- D3FEND™ Ontology d3f:PacketLog. — https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Packet |
| native | ocsf:Packet |
LinkML Source
Direct
name: Packet
description: 'The Packet object represents a single captured network packet and its
  associated metadata. It describes where the packet came from, how it is stored
  or encoded, and how it can be located within a capture file or stream. This
  object does not interpret protocol content; it only represents the captured
  packet data and its positioning information.'
notes:
- 'D3FEND™ Ontology d3f:NetworkPacket. —
  https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/'
- 'D3FEND™ Ontology d3f:PacketCaptureFile. —
  https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/'
- 'D3FEND™ Ontology d3f:PacketLog. —
  https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/
aliases:
- Packet
is_a: Object
slots:
- encoding
- encoding_id
- end_offset
- format
- format_id
- sequence_number
- source
- source_id
- start_offset
- value
slot_usage:
  encoding:
    name: encoding
    description: 'The human-readable name of the encoding used to represent the packet
      data in
      the <code>value</code> field. This should match the caption associated with
      <code>encoding_id</code>. If <code>encoding_id</code> is 99 (Other), this field
      contains the original data source–specific encoding value.'
  encoding_id:
    name: encoding_id
    description: 'The normalized identifier of the encoding method used to represent
      the packet
      data as a string.'
    range: PacketEncodingIdEnum
    recommended: true
  end_offset:
    name: end_offset
    description: The ending byte position of this packet within a capture file or
      stream.
  format:
    name: format
    description: 'The human-readable name of the packet capture file format in which
      the packet
      is stored. This should match the caption associated with
      <code>format_id</code>. If <code>format_id</code> is 99 (Other), this field
      contains the original data source–specific format value.'
  format_id:
    name: format_id
    description: The normalized identifier of the packet capture format.
    range: PacketFormatIdEnum
    recommended: true
  sequence_number:
    name: sequence_number
    description: 'The relative order number of this packet within its capture context
      (such as a
      PCAP file, network session, or reconstructed stream). This represents
      chronological capture order, distinct from both protocol-level sequencing (such
      as TCP sequence numbers).'
  source:
    name: source
    description: 'The human-readable name describing how or where the packet was obtained.
      This
      should match the caption associated with <code>source_id</code>. If
      <code>source_id</code> is 99 (Other), this field contains the original data
      source–specific value.'
  source_id:
    name: source_id
    description: 'A normalized numeric identifier that specifies how the packet was
      obtained or
      generated.'
    range: PacketSourceIdEnum
    recommended: true
  start_offset:
    name: start_offset
    description: The starting byte position of this packet within a capture file or
      stream.
  value:
    name: value
    description: 'The actual packet data, represented as a string. The format of this
      string is
      determined by the specified <code>encoding_id</code> (e.g., Base64,
      Hexadecimal, or URL Encoded).'
    required: true
Induced
name: Packet
description: 'The Packet object represents a single captured network packet and its
  associated metadata. It describes where the packet came from, how it is stored
  or encoded, and how it can be located within a capture file or stream. This
  object does not interpret protocol content; it only represents the captured
  packet data and its positioning information.'
notes:
- 'D3FEND™ Ontology d3f:NetworkPacket. —
  https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/'
- 'D3FEND™ Ontology d3f:PacketCaptureFile. —
  https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/'
- 'D3FEND™ Ontology d3f:PacketLog. —
  https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:NetworkPacket/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketCaptureFile/
- https://d3fend.mitre.org/dao/artifact/d3f:PacketLog/
aliases:
- Packet
is_a: Object
slot_usage:
  encoding:
    name: encoding
    description: 'The human-readable name of the encoding used to represent the packet
      data in
      the <code>value</code> field. This should match the caption associated with
      <code>encoding_id</code>. If <code>encoding_id</code> is 99 (Other), this field
      contains the original data source–specific encoding value.'
  encoding_id:
    name: encoding_id
    description: 'The normalized identifier of the encoding method used to represent
      the packet
      data as a string.'
    range: PacketEncodingIdEnum
    recommended: true
  end_offset:
    name: end_offset
    description: The ending byte position of this packet within a capture file or
      stream.
  format:
    name: format
    description: 'The human-readable name of the packet capture file format in which
      the packet
      is stored. This should match the caption associated with
      <code>format_id</code>. If <code>format_id</code> is 99 (Other), this field
      contains the original data source–specific format value.'
  format_id:
    name: format_id
    description: The normalized identifier of the packet capture format.
    range: PacketFormatIdEnum
    recommended: true
  sequence_number:
    name: sequence_number
    description: 'The relative order number of this packet within its capture context
      (such as a
      PCAP file, network session, or reconstructed stream). This represents
      chronological capture order, distinct from both protocol-level sequencing (such
      as TCP sequence numbers).'
  source:
    name: source
    description: 'The human-readable name describing how or where the packet was obtained.
      This
      should match the caption associated with <code>source_id</code>. If
      <code>source_id</code> is 99 (Other), this field contains the original data
      source–specific value.'
  source_id:
    name: source_id
    description: 'A normalized numeric identifier that specifies how the packet was
      obtained or
      generated.'
    range: PacketSourceIdEnum
    recommended: true
  start_offset:
    name: start_offset
    description: The starting byte position of this packet within a capture file or
      stream.
  value:
    name: value
    description: 'The actual packet data, represented as a string. The format of this
      string is
      determined by the specified <code>encoding_id</code> (e.g., Base64,
      Hexadecimal, or URL Encoded).'
    required: true
attributes:
  encoding:
    name: encoding
    description: 'The human-readable name of the encoding used to represent the packet
      data in
      the <code>value</code> field. This should match the caption associated with
      <code>encoding_id</code>. If <code>encoding_id</code> is 99 (Other), this field
      contains the original data source–specific encoding value.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Encoding
    rank: 1000
    alias: encoding
    owner: Packet
    domain_of:
    - Packet
    range: string
  encoding_id:
    name: encoding_id
    annotations:
      sibling:
        tag: sibling
        value: encoding
    description: 'The normalized identifier of the encoding method used to represent
      the packet
      data as a string.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Encoding ID
    rank: 1000
    alias: encoding_id
    owner: Packet
    domain_of:
    - Packet
    range: PacketEncodingIdEnum
    recommended: true
  end_offset:
    name: end_offset
    description: The ending byte position of this packet within a capture file or
      stream.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - End Offset
    rank: 1000
    alias: end_offset
    owner: Packet
    domain_of:
    - Packet
    range: integer
  format:
    name: format
    description: 'The human-readable name of the packet capture file format in which
      the packet
      is stored. This should match the caption associated with
      <code>format_id</code>. If <code>format_id</code> is 99 (Other), this field
      contains the original data source–specific format value.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Format
    rank: 1000
    alias: format
    owner: Packet
    domain_of:
    - Packet
    range: string
  format_id:
    name: format_id
    annotations:
      sibling:
        tag: sibling
        value: format
    description: The normalized identifier of the packet capture format.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Format ID
    rank: 1000
    alias: format_id
    owner: Packet
    domain_of:
    - Packet
    range: PacketFormatIdEnum
    recommended: true
  sequence_number:
    name: sequence_number
    description: 'The relative order number of this packet within its capture context
      (such as a
      PCAP file, network session, or reconstructed stream). This represents
      chronological capture order, distinct from both protocol-level sequencing (such
      as TCP sequence numbers).'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Sequence Number
    rank: 1000
    alias: sequence_number
    owner: Packet
    domain_of:
    - Packet
    range: integer
  source:
    name: source
    description: 'The human-readable name describing how or where the packet was obtained.
      This
      should match the caption associated with <code>source_id</code>. If
      <code>source_id</code> is 99 (Other), this field contains the original data
      source–specific value.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Source
    rank: 1000
    alias: source
    owner: Packet
    domain_of:
    - Packet
    - Edge
    - Metadata
    range: string
  source_id:
    name: source_id
    annotations:
      sibling:
        tag: sibling
        value: source
    description: 'A normalized numeric identifier that specifies how the packet was
      obtained or
      generated.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Source ID
    rank: 1000
    alias: source_id
    owner: Packet
    domain_of:
    - Packet
    range: PacketSourceIdEnum
    recommended: true
  start_offset:
    name: start_offset
    description: The starting byte position of this packet within a capture file or
      stream.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Start Offset
    rank: 1000
    alias: start_offset
    owner: Packet
    domain_of:
    - Packet
    range: integer
  value:
    name: value
    description: 'The actual packet data, represented as a string. The format of this
      string is
      determined by the specified <code>encoding_id</code> (e.g., Base64,
      Hexadecimal, or URL Encoded).'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Value
    rank: 1000
    alias: value
    owner: Packet
    domain_of:
    - Observable
    - Observation
    - Osint
    - Packet
    - DiscoveryDetails
    - Enrichment
    - EnvironmentVariable
    - Fingerprint
    - HttpCookie
    - HttpHeader
    - Ja4Fingerprint
    - KeyValueObject
    - LongString
    - Metric
    range: string
    required: true