encoder

package


Overview

* NETCAP - Traffic Analysis Framework * Copyright (c) 2017 Philipp Mieden <dreadl0ck [at] protonmail [dot] ch> * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Index

Constants

This section is empty.

Variables

// LiveMode is a global switch consulted by all encoders; presumably true when
// packets come from a live interface rather than a capture file — confirm
// against the caller that sets it. It is a plain bool with no synchronization,
// so it must be set before decoding starts.
var LiveMode bool

// CapturePayload enables payload capture for the encoders that support it.
// NOTE(review): when enabled, raw packet payload bytes end up in the output
// records, so the produced files may contain credentials or other sensitive
// application data and should be stored and shared accordingly.
// Defaults to false (the zero value).
var CapturePayload bool
// Connections holds every tracked connection, keyed by a connection
// identifier string (presumably ConnectionID.String() — confirm at the write
// site). Any read or write of Connections.Items must hold the embedded mutex;
// the map itself is not safe for concurrent use.
var Connections = &AtomicConnMap{
	Items: map[string]*types.Connection{},
}
// CustomEncoders is the list of custom encoders initialized at runtime (by
// InitCustomEncoders) for use from other packages. It is an unguarded
// package-level slice, so it should only be mutated during initialization,
// before packets are being decoded. Starts out empty but non-nil.
var CustomEncoders = make([]*CustomEncoder, 0)
// Flows holds all tracked flows, keyed by a string flow identifier (its format
// is not visible on this page). Access to Flows.Items must hold the embedded
// mutex; the map itself is not safe for concurrent use.
var Flows = &AtomicFlowMap{
	Items: map[string]*types.Flow{},
}
// HTTPActive must be set to true to decode HTTP traffic. It is a plain bool
// read while decoding, so set it before packets are fed in. When enabled,
// DecodeHTTP must be called sequentially (see its documentation) because the
// reassembler does not cope with out-of-order delivery.
var HTTPActive bool
// LayerEncoders maps each gopacket layer type to the layer encoders
// initialized for it at runtime (by InitLayerEncoders), for use from other
// packages. The map has no lock: it is presumably populated once during
// initialization and only read afterwards — writing to it while packets are
// being decoded would be a data race.
var LayerEncoders = make(map[gopacket.LayerType][]*LayerEncoder)
// LinkFlows holds all link-layer flows, keyed by a uint64 flow identifier
// (the same type as ConnectionID.LinkFlowID). Access to LinkFlows.Items must
// hold the embedded mutex.
var LinkFlows = &AtomicLinkFlowMap{
	Items: map[uint64]*types.LinkFlow{},
}
// NetworkFlows holds all network-layer flows, keyed by a uint64 flow
// identifier (the same type as ConnectionID.NetworkFlowID). Access to
// NetworkFlows.Items must hold the embedded mutex.
var NetworkFlows = &AtomicNetworkFlowMap{
	Items: map[uint64]*types.NetworkFlow{},
}
// TransportFlows holds all transport-layer flows, keyed by a uint64 flow
// identifier (the same type as ConnectionID.TransportFlowID). Access to
// TransportFlows.Items must hold the embedded mutex.
var TransportFlows = &AtomicTransportFlowMap{
	Items: map[uint64]*types.TransportFlow{},
}

Functions

func Debug

func Debug(s string, a ...interface{})

func DecodeHTTP

func DecodeHTTP(packet gopacket.Packet)

DecodeHTTP passes TCP packets to the TCP stream reassembler in order to decode HTTP requests and responses. CAUTION: this function must be called sequentially — one packet at a time, in capture order — because the stream reassembly implementation currently does not handle out-of-order packets; concurrent or out-of-order delivery is unsupported.

func DumpTop5LinkFlows

func DumpTop5LinkFlows()

func DumpTop5NetworkFlows

func DumpTop5NetworkFlows()

func DumpTop5TransportFlows

func DumpTop5TransportFlows()

func Entropy

func Entropy(data []byte) (entropy float64)

Entropy returns the Shannon entropy of data, presumably computed over the distribution of byte values (implementation adapted from https://rosettacode.org/wiki/Entropy#Go).

func Error

func Error(t string, s string, a ...interface{})

func ExtractTLSHandShake

func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)

ExtractTLSHandShake extracts a TLS ClientHello handshake message from the payload of a TCP segment. Per the return type only the client side of the handshake is parsed; the boolean result presumably reports whether a ClientHello was found.

func Info

func Info(s string, a ...interface{})

func InitCustomEncoders

func InitCustomEncoders(c Config)

InitCustomEncoders initializes all custom encoders

func InitLayerEncoders

func InitLayerEncoders(c Config)

InitLayerEncoders initializes all layer encoders

func MarkdownOverview added in v0.4.0

func MarkdownOverview()

MarkdownOverview dumps a Markdown summary of all available encoders and their fields

func SetErrorMap

func SetErrorMap(m *AtomicCounterMap)

func ShowEncoders

func ShowEncoders()

Types

type AtomicConnMap

type AtomicConnMap struct {
	// Items maps a connection identifier string (presumably ConnectionID.String()
	// — confirm at the write site) to its Connection. A Go map is not safe for
	// concurrent use, so every read or write of Items, from this package or any
	// importer, must hold the embedded Mutex.
	Items map[string]*types.Connection
	// Mutex guards Items. NOTE(review): despite the type name, synchronization is
	// lock-based, not atomic.
	sync.Mutex
}

AtomicConnMap holds all tracked connections and provides synchronized access to them via its embedded sync.Mutex, which callers must hold whenever they touch Items; the name notwithstanding, it is mutex-based rather than atomic.

func (*AtomicConnMap) Size

func (a *AtomicConnMap) Size() int

Size returns the number of elements in the Items map

type AtomicCounterMap

type AtomicCounterMap struct {
	// Items maps a string key to an int64 counter (see Inc). Every access must
	// hold the embedded Mutex; the map itself is not safe for concurrent use.
	Items map[string]int64
	// Mutex guards Items. NOTE(review): the type is mutex-based, not atomic,
	// despite its name.
	sync.Mutex
}

AtomicCounterMap maps strings to int64 counters, with access guarded by its embedded mutex; it is the type accepted by SetErrorMap.

func NewAtomicCounterMap

func NewAtomicCounterMap() *AtomicCounterMap

NewAtomicCounterMap returns a new AtomicCounterMap

func (*AtomicCounterMap) Inc

func (a *AtomicCounterMap) Inc(val string)

Inc increments the counter stored under val (a key that is not yet present presumably starts from zero, as with any Go map).

type AtomicFlowMap

// AtomicFlowMap holds flows keyed by string and provides mutex-synchronized
// access to them.
type AtomicFlowMap struct {
	// Items maps a string flow identifier (format not visible here) to its Flow.
	// Callers must hold the embedded Mutex for every access.
	Items map[string]*types.Flow
	// Mutex guards Items; synchronization is lock-based, not atomic.
	sync.Mutex
}

func (*AtomicFlowMap) Size

func (a *AtomicFlowMap) Size() int

type AtomicLinkFlowMap

// AtomicLinkFlowMap holds link-layer flows and provides mutex-synchronized
// access to them.
type AtomicLinkFlowMap struct {
	// Items maps a uint64 link-flow identifier (cf. ConnectionID.LinkFlowID) to
	// its LinkFlow. Every access must hold the embedded Mutex.
	Items map[uint64]*types.LinkFlow
	// Mutex guards Items; the "atomic" in the type name refers to this lock,
	// not to atomic operations.
	sync.Mutex
}

type AtomicNetworkFlowMap

// AtomicNetworkFlowMap holds network-layer flows and provides
// mutex-synchronized access to them.
type AtomicNetworkFlowMap struct {
	// Items maps a uint64 network-flow identifier (cf. ConnectionID.NetworkFlowID)
	// to its NetworkFlow. Every access must hold the embedded Mutex.
	Items map[uint64]*types.NetworkFlow
	// Mutex guards Items; the "atomic" in the type name refers to this lock,
	// not to atomic operations.
	sync.Mutex
}

type AtomicTransportFlowMap

// AtomicTransportFlowMap holds transport-layer flows and provides
// mutex-synchronized access to them.
type AtomicTransportFlowMap struct {
	// Items maps a uint64 transport-flow identifier (cf.
	// ConnectionID.TransportFlowID) to its TransportFlow. Every access must hold
	// the embedded Mutex.
	Items map[uint64]*types.TransportFlow
	// Mutex guards Items; the "atomic" in the type name refers to this lock,
	// not to atomic operations.
	sync.Mutex
}

type Config

type Config struct {
	// NOTE(review): the meaning of most fields is not documented on this page;
	// what can be inferred from names and the surrounding API: IncludeEncoders
	// and ExcludeEncoders are strings, so presumably delimited lists of encoder
	// names; IncludePayloads presumably drives the package-level CapturePayload
	// switch (and thus whether raw payload bytes land in the output); WriteChan
	// presumably selects delivery through GetChan instead of file output. Confirm
	// each against InitCustomEncoders / InitLayerEncoders before relying on it.
	Buffer          bool
	Compression     bool
	CSV             bool
	IncludeEncoders string
	ExcludeEncoders string
	Out             string
	WriteChan       bool
	Source          string
	Version         string
	IncludePayloads bool
	Export          bool
}

Config contains configuration parameters for the encoders

type ConnectionID

type ConnectionID struct {
	// The three per-layer flow identifiers. Their uint64 type matches the keys of
	// LinkFlows, NetworkFlows and TransportFlows respectively (presumably hashes
	// of the layer endpoints — not visible here). ConnectionID is a small value
	// type; String uses a value receiver.
	LinkFlowID      uint64
	NetworkFlowID   uint64
	TransportFlowID uint64
}

ConnectionID identifies a bidirectional connection between two devices over the network; it combines the link-, network- and transport-layer flow identifiers, whose uint64 type matches the keys of LinkFlows, NetworkFlows and TransportFlows.

func (ConnectionID) String

func (c ConnectionID) String() string

type Context

type Context struct {
	// CaptureInfo carries the packet's capture metadata (timestamp, lengths,
	// interface index as defined by gopacket); exposed via GetCaptureInfo.
	CaptureInfo gopacket.CaptureInfo
}

Context is the assembler context — presumably the per-packet context handed to the TCP stream reassembler used by DecodeHTTP; it carries the packet's gopacket.CaptureInfo, exposed through GetCaptureInfo.

func (*Context) GetCaptureInfo

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

type CustomEncoder

type CustomEncoder struct {

	// public fields:
	// Name is the encoder's name (presumably the name returned by Destroy);
	// Type is the netcap record type it produces; Handler is the per-packet
	// callback invoked by Encode, whose proto.Message result is serialized and
	// written to the data pipe. The unexported fields (writers, output channel,
	// record counter — see Destroy, GetChan and NumRecords) are not shown here.
	Name string

	Type    types.Type
	Handler CustomEncoderHandler
	// contains filtered or unexported fields
}

CustomEncoder implements custom logic to decode data from a gopacket.Packet

func CreateCustomEncoder

func CreateCustomEncoder(t types.Type, name string, postinit func(*CustomEncoder) error, handler CustomEncoderHandler, deinit func(*CustomEncoder) error) *CustomEncoder

CreateCustomEncoder returns a new CustomEncoder instance

func (*CustomEncoder) Destroy

func (e *CustomEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers and calls deinit if set

func (*CustomEncoder) Encode

func (e *CustomEncoder) Encode(p gopacket.Packet) error

Encode is called for each packet: it invokes the encoder's handler function and writes the resulting serialized protobuf message into the data pipe.

func (*CustomEncoder) GetChan

func (e *CustomEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

func (*CustomEncoder) NumRecords added in v0.4.0

func (e *CustomEncoder) NumRecords() int64

NumRecords returns the number of written records

type CustomEncoderHandler

// CustomEncoderHandler is the per-packet callback of a CustomEncoder: Encode
// calls it with each gopacket.Packet and serializes the returned proto.Message
// into the data pipe. Whether a nil return is allowed is not visible here.
type CustomEncoderHandler = func(p gopacket.Packet) proto.Message

CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message

type LayerEncoder

type LayerEncoder struct {

	// public fields:
	// Layer is the gopacket layer type this encoder handles (the key under which
	// it is registered in LayerEncoders); Type is the netcap record type it
	// produces; Handler is the per-layer callback invoked by Encode. The
	// unexported fields (writers, output channel — see Destroy and GetChan) are
	// not shown here.
	Layer gopacket.LayerType
	Type  types.Type

	Handler LayerEncoderHandler
	// contains filtered or unexported fields
}

LayerEncoder represents an encoder for the gopacket.Layer type

func CreateLayerEncoder

func CreateLayerEncoder(nt types.Type, lt gopacket.LayerType, handler LayerEncoderHandler) *LayerEncoder

CreateLayerEncoder returns a new LayerEncoder instance

func (*LayerEncoder) Destroy

func (e *LayerEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers

func (*LayerEncoder) Encode

func (e *LayerEncoder) Encode(l gopacket.Layer, timestamp time.Time) error

Encode is called for each layer of the configured type: it invokes the encoder's handler function and writes the resulting serialized protobuf message into the data pipe. Note that Encode takes the timestamp as a time.Time while LayerEncoderHandler receives it as a string, so the conversion presumably happens here (the format is not visible on this page).

func (*LayerEncoder) GetChan

func (e *LayerEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

type LayerEncoderHandler

// LayerEncoderHandler is the per-layer callback of a LayerEncoder. Note the
// timestamp arrives as a string, although LayerEncoder.Encode takes a
// time.Time; the conversion (and its format) happens in Encode and is not
// visible here.
type LayerEncoderHandler = func(layer gopacket.Layer, timestamp string) proto.Message

LayerEncoderHandler is the handler function for a layer encoder

type Stream

type Stream struct {
	// contains filtered or unexported fields (not visible on this page; all
	// fields are unexported, so values are constructed inside this package —
	// Reverse swaps source and destination, per its documentation)
}

Stream contains both unidirectional flows for a connection

func (Stream) Reverse

func (s Stream) Reverse() Stream

Reverse flips source and destination

func (Stream) String

func (s Stream) String() string
