Documentation ¶
Index ¶
- Constants
- Variables
- func GetHttpHeader(header http.Header) map[string]string
- func GetSipLayer(packet gopacket.Packet) *layers.SIP
- func GetUrlQueryParams(strUrl string) (url.Values, error)
- func ParseIpLayerWithGre(packet gopacket.Packet) *layers.IPv4
- func ParseTcpProtocol(tcp *layers.TCP) (srcPort int, dstPort int, protocol string)
- func ParseUdpProtocol(udp *layers.UDP) (srcPort int, dstPort int, protocol string)
- func ReadHttpBodyToString(r io.ReadCloser) string
- func ReadRequestFromApplicationLayer(payload []byte) (*http.Request, error)
- func ReadResponseFromApplicationLayer(payload []byte) (*http.Response, error)
- type AppLayer
- type FlowPacket
Constants ¶
const ( ProtocolHttp = "http" ProtocolSip = "sip" ProtocolFtp = "ftp" ProtocolFtpData = "ftp-data" ProtocolTcp = "TCP" )
const ( ProtocolNone = "None" L3Version4 = "IPV4" L3Version6 = "IPV6" ProtocolICMP = "icmp" ProtocolUDP = "udp" ProtocolTCP = "tcp" LayerPayload = "Payload" )
Variables ¶
var TcpPortNames = map[layers.TCPPort]string{
20: "ftp-data",
21: "ftp",
22: "ssh",
23: "telnet",
25: "smtp",
49: "tacacs",
65: "tacacs-ds",
80: "http",
101: "hostname",
109: "pop2",
110: "pop3",
115: "sftp",
118: "sqlserv",
123: "ntp",
137: "netbios-ns",
138: "netbios-dgm",
139: "netbios-ssn",
143: "imap",
156: "sqlsrv",
161: "snmp",
162: "snmptrap",
220: "imap3",
389: "ldap",
443: "https",
445: "microsoft-ds",
546: "dhcpv6-client",
547: "dhcpv6-server",
5060: "sip",
5070: "sip",
1433: "ms-sql-s",
1434: "ms-sql-m",
1521: "oracle",
3306: "mysql",
3389: "ms-wbt-server",
6379: "redis",
8080: "http-alt",
}
var UdpPortNames = map[layers.UDPPort]string{
7: "echo",
20: "ftp-data",
21: "ftp",
22: "ssh",
23: "telnet",
25: "smtp",
80: "http",
554: "rtsp",
5060: "sip",
5061: "sips",
5070: "sip",
3389: "ms-wbt-server",
}
Functions ¶
func GetHttpHeader ¶
GetHttpHeader @Description: get http header to map @param header http-header @return map[string]string
func GetSipLayer ¶
GetSipLayer @Description: get sipLayer, include udp and tcp @param packet gopacket @return layers.SIP sip layer
func GetUrlQueryParams ¶
GetUrlQueryParams @Description: convert http url parameters to map @param strUrl http url @return url.Values map format @return error
func ParseIpLayerWithGre ¶
ParseIpLayerWithGre @Description: parse get layer, which has two ipv4Layer @param packet @return *layers.IPv4
func ParseTcpProtocol ¶
ParseTcpProtocol @Description: parse tcp layer @param tcp tcp layer @return srcPort src-port @return dstPort dst-port @return protocol default protocol
func ParseUdpProtocol ¶
ParseUdpProtocol @Description: default String() method return 80(http), and default layers.UDPPortNames has too many names @param udp @return srcPort int @return dstPort int @return protocol string
func ReadHttpBodyToString ¶
func ReadHttpBodyToString(r io.ReadCloser) string
ReadHttpBody @Description: read http body to string @param r @return string
func ReadRequestFromApplicationLayer ¶ added in v0.1.21
ReadRequestFromApplicationLayer @Description: @param payload @return *http.Request @return error
Types ¶
type AppLayer ¶ added in v0.1.23
type AppLayer struct { Protocol string `json:"Protocol"` HttpType string `json:"HttpType"` HttpStatus string `json:"HttpStatus"` RequestUri string `json:"RequestUri"` Body string `json:"body"` HttpHeaders map[string]string `json:"HttpHeaders"` UserAgent string `json:"UserAgent"` Command string `json:"Command"` PassivePort int `json:"PassivePort"` }
func ParseAppLayer ¶ added in v0.1.23
type FlowPacket ¶
type FlowPacket struct { Seq uint64 SrcMac string `json:"SrcMac"` SrcIp string `json:"SrcIp"` SrcIpv6 string `json:"SrcIpv6"` SrcPort int `json:"SrcPort"` DstMac string `json:"DstMac"` DstIp string `json:"DstIp"` DstIpv6 string `json:"DstIpv6"` DstPort int `json:"DstPort"` MetaTimestamp int64 MetaCaptureLength int MetaLength int MetaInterfaceIndex int MetaTruncated int EtherType string `json:"EtherType"` L3Version string `json:"L3Version"` L4Protocol string `json:"L4Protocol"` Protocol string `json:"Protocol"` PacketData string `json:"PacketData"` PacketLength int `json:"PacketLength"` SampleTime int64 `json:"TimeReceived"` SampleIp string `json:"SamplerIp"` HttpType string `json:"HttpType"` Command string `json:"Command"` HttpHeaders map[string]string `json:"HttpHeaders"` UserAgent string `json:"UserAgent"` HttpStatus string `json:"HttpStatus"` RequestUri string `json:"RequestUri"` Body string `json:"body"` PassivePort int `json:"PassivePort"` }
FlowPacket @Description: flow packet
func ParsePacketDefault ¶
func ParsePacketDefault(packet gopacket.Packet) *FlowPacket
ParsePacketDefault @Description: parse gopacket to FlowPacket @param packet gopacket @return *FlowPacket default struct, save with pcap format