Documentation ¶
Overview ¶
NETCAP - Traffic Analysis Framework
Copyright (c) 2017 Philipp Mieden <dreadl0ck [at] protonmail [dot] ch>

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Index ¶
- Variables
- func CloseFile(outDir string, file *os.File, typ string) (name string, size int64)
- func CloseGzipWriters(writers ...*gzip.Writer)
- func CreateFile(name, ext string) *os.File
- func Debug(s string, a ...interface{})
- func DecodeHTTP(packet gopacket.Packet)
- func DumpTop5LinkFlows()
- func DumpTop5NetworkFlows()
- func DumpTop5TransportFlows()
- func Entropy(data []byte) (entropy float64)
- func Error(t string, s string, a ...interface{})
- func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)
- func FlushWriters(writers ...flushableWriter)
- func Info(s string, a ...interface{})
- func InitCustomEncoders(c Config)
- func InitLayerEncoders(c Config)
- func NewCSVWriter(w io.Writer) *csvWriter
- func NewHeader(t types.Type, c Config) *types.Header
- func Overview()
- func RemoveEmptyFile(name string) (size int64)
- func SetErrorMap(m *AtomicCounterMap)
- func ShowEncoders()
- type AtomicConnMap
- type AtomicCounterMap
- type AtomicDelimitedWriter
- type AtomicFlowMap
- type AtomicLinkFlowMap
- type AtomicNetworkFlowMap
- type AtomicTransportFlowMap
- type Config
- type ConnectionID
- type Context
- type CustomEncoder
- type CustomEncoderHandler
- type LayerEncoder
- type LayerEncoderHandler
- type Stream
Constants ¶
This section is empty.
Variables ¶
var ( // LiveMode switch for all encoders LiveMode bool // BlockSize is the file system block size BlockSize int )
var ( // Connections hold all connections Connections = &AtomicConnMap{ Items: make(map[string]*types.Connection), } )
var ( // CustomEncoders slice contains initialized encoders at runtime // for usage from other packages CustomEncoders = []*CustomEncoder{} )
var ( Flows = &AtomicFlowMap{ Items: make(map[string]*types.Flow), } )
var (
HTTPActive bool
)
var ( // LayerEncoders map contains initialized encoders at runtime // for usage from other packages LayerEncoders = map[gopacket.LayerType]*LayerEncoder{} )
var ( LinkFlows = &AtomicLinkFlowMap{ Items: make(map[uint64]*types.LinkFlow), } )
var ( NetworkFlows = &AtomicNetworkFlowMap{ Items: make(map[uint64]*types.NetworkFlow), } )
var ( TransportFlows = &AtomicTransportFlowMap{ Items: make(map[uint64]*types.TransportFlow), } )
Functions ¶
func CloseGzipWriters ¶
func CreateFile ¶
func DecodeHTTP ¶
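DecodeHTTP passes TCP packets to the TCP stream reassembler in order to decode HTTP requests and responses. CAUTION: this function must be called sequentially, because the stream reassembly implementation currently does not handle out-of-order packets. Treat the decoded HTTP records as best-effort: segments that appear reordered in the capture may yield incomplete or missing HTTP records.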
func DumpTop5LinkFlows ¶
func DumpTop5LinkFlows()
func DumpTop5NetworkFlows ¶
func DumpTop5NetworkFlows()
func DumpTop5TransportFlows ¶
func DumpTop5TransportFlows()
func Entropy ¶
Entropy returns the Shannon entropy of data. See https://rosettacode.org/wiki/Entropy#Go
func ExtractTLSHandShake ¶
func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)
ExtractTLSHandShake extracts a TLS handshake from a TCP packet and returns it as a *tlsx.ClientHello together with a bool.
func FlushWriters ¶
func FlushWriters(writers ...flushableWriter)
func InitCustomEncoders ¶
func InitCustomEncoders(c Config)
InitCustomEncoders initializes all custom encoders
func InitLayerEncoders ¶
func InitLayerEncoders(c Config)
InitLayerEncoders initializes all layer encoders
func NewCSVWriter ¶
func RemoveEmptyFile ¶
func SetErrorMap ¶
func SetErrorMap(m *AtomicCounterMap)
func ShowEncoders ¶
func ShowEncoders()
Types ¶
type AtomicConnMap ¶
type AtomicConnMap struct { Items map[string]*types.Connection sync.Mutex }
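AtomicConnMap contains all connections and provides synchronized access. Items is an exported field, so code that reads or writes it directly should lock the embedded sync.Mutex itself.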
func (*AtomicConnMap) Size ¶
func (a *AtomicConnMap) Size() int
Size returns the number of elements in the Items map
type AtomicCounterMap ¶
AtomicCounterMap maps strings to integers
func NewAtomicCounterMap ¶
func NewAtomicCounterMap() *AtomicCounterMap
NewAtomicCounterMap returns a new AtomicCounterMap
type AtomicDelimitedWriter ¶
AtomicDelimitedWriter writes delimited proto messages in a synchronized manner.
func NewAtomicDelimitedWriter ¶
func NewAtomicDelimitedWriter(w *delimited.Writer) *AtomicDelimitedWriter
NewAtomicDelimitedWriter takes a *delimited.Writer and returns an atomic (synchronized) version of it.
type AtomicFlowMap ¶
func (*AtomicFlowMap) Size ¶
func (a *AtomicFlowMap) Size() int
type AtomicLinkFlowMap ¶
type AtomicNetworkFlowMap ¶
type AtomicNetworkFlowMap struct { Items map[uint64]*types.NetworkFlow sync.Mutex }
type AtomicTransportFlowMap ¶
type AtomicTransportFlowMap struct { Items map[uint64]*types.TransportFlow sync.Mutex }
type Config ¶
type Config struct { Buffer bool Compression bool CSV bool IncludeEncoders string ExcludeEncoders string Out string WriteChan bool Source string Version string }
Config contains configuration parameters for the encoders
type ConnectionID ¶
ConnectionID is a bidirectional connection between two devices over the network; it includes the link, network and transport layers.
func (ConnectionID) String ¶
func (c ConnectionID) String() string
type Context ¶
type Context struct {
CaptureInfo gopacket.CaptureInfo
}
Context is the assembler context.
func (*Context) GetCaptureInfo ¶
func (c *Context) GetCaptureInfo() gopacket.CaptureInfo
type CustomEncoder ¶
type CustomEncoder struct { // public fields Name string Type types.Type Handler CustomEncoderHandler // contains filtered or unexported fields }
CustomEncoder implements custom logic to decode data from a gopacket.Packet
func CreateCustomEncoder ¶
func CreateCustomEncoder(t types.Type, name string, postinit func(*CustomEncoder) error, handler CustomEncoderHandler, deinit func(*CustomEncoder) error) *CustomEncoder
CreateCustomEncoder returns a new CustomEncoder instance
func (*CustomEncoder) Destroy ¶
func (d *CustomEncoder) Destroy() (name string, size int64)
Destroy closes and flushes all writers and calls deinit if set
func (*CustomEncoder) Encode ¶
func (d *CustomEncoder) Encode(p gopacket.Packet) error
Encode is called for each layer. It calls the handler function of the encoder and writes the serialized protobuf into the data pipe.
func (*CustomEncoder) GetChan ¶
func (d *CustomEncoder) GetChan() <-chan []byte
GetChan returns a channel to receive serialized protobuf data from the encoder
type CustomEncoderHandler ¶
CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message
type LayerEncoder ¶
type LayerEncoder struct { // public fields Layer gopacket.LayerType Type types.Type Handler LayerEncoderHandler // contains filtered or unexported fields }
LayerEncoder represents an encoder for the gopacket.Layer type
func CreateLayerEncoder ¶
func CreateLayerEncoder(nt types.Type, lt gopacket.LayerType, handler LayerEncoderHandler) *LayerEncoder
CreateLayerEncoder returns a new LayerEncoder instance
func (*LayerEncoder) Destroy ¶
func (d *LayerEncoder) Destroy() (name string, size int64)
Destroy closes and flushes all writers
func (*LayerEncoder) Encode ¶
Encode is called for each layer. It calls the handler function of the encoder and writes the serialized protobuf into the data pipe.
func (*LayerEncoder) GetChan ¶
func (d *LayerEncoder) GetChan() <-chan []byte
GetChan returns a channel to receive serialized protobuf data from the encoder
type LayerEncoderHandler ¶
LayerEncoderHandler is the handler function for a layer encoder
Source Files ¶
- arp.go
- atomicDelimitedWriter.go
- chanWriter.go
- config.go
- connection.go
- counters.go
- csvWriter.go
- customEncoder.go
- dhcp4.go
- dhcp6.go
- dns.go
- dot11.go
- dot1q.go
- eth.go
- ethctp.go
- ethctpr.go
- flow.go
- header.go
- http.go
- httpReader.go
- icmp4.go
- icmp6.go
- icmp6e.go
- icmp6na.go
- icmp6ns.go
- icmp6ra.go
- icmp6rs.go
- igmp.go
- ip4.go
- ip6.go
- ip6hop.go
- layerEncoder.go
- linkFlow.go
- llc.go
- lld.go
- lldi.go
- networkFlow.go
- ntp.go
- sctp.go
- shared.go
- sip.go
- snap.go
- tcp.go
- tcpStream.go
- tls.go
- transportFlow.go
- udp.go
- utils.go