sniff

package
v0.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2015 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Packet

type Packet struct {
	SrcIP, DstIP       string
	SrcPort, DstPort   string
	Network, Transport int // byte counts
}

Packet is an intermediate, decoded form of a packet, with the information that the Scope data model cares about. Designed to decouple the packet data source loop, which should be as fast as possible, and the process of merging the packet information to a report, which may take some time and allocations.

type Sniffer

type Sniffer struct {
	// contains filtered or unexported fields
}

Sniffer is a packet-sniffing reporter.

func New

func New(hostID string, localNets report.Networks, src gopacket.ZeroCopyPacketDataSource, on, off time.Duration) *Sniffer

New returns a new sniffing reporter that samples traffic by turning its packet capture facilities on and off. Note that the on and off durations represent a way to bound CPU burn. Effective sample rate needs to be calculated as (packets decoded / packets observed).

func (*Sniffer) Merge

func (s *Sniffer) Merge(p Packet, rpt *report.Report)

Merge puts the packet into the report.

Note that, for the moment, we encode bidirectional traffic as ingress and egress traffic on a single edge whose src is local and dst is remote. That is, if we see a packet from the remote addr 9.8.7.6 to the local addr 1.2.3.4, we apply it as *ingress* on the edge (1.2.3.4 -> 9.8.7.6).

func (*Sniffer) Report

func (s *Sniffer) Report() (report.Report, error)

Report implements the Reporter interface.

type Source

type Source interface {
	gopacket.ZeroCopyPacketDataSource
	Close()
}

Source describes a packet data source that can be terminated.

func NewSource

func NewSource(device string) (Source, error)

NewSource returns a live packet data source via the passed device (interface).

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL