pcap

package
v2.3.0-alpha.0+incompa... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 6, 2015 License: BSD-3-Clause, Apache-2.0 Imports: 11 Imported by: 0

README

# PCAP

This is a simple wrapper around libpcap for Go.  Originally written by Andreas
Krennmair <ak@synflood.at> and only minorly touched up by Mark Smith <mark@qq.is>.

Please see the included pcaptest.go and tcpdump.go programs for instructions on
how to use this library.

Miek Gieben <miek@miek.nl> has created a more Go-like package and replaced functionality
with standard functions from the standard library. The package has also been renamed to
pcap.

Documentation

Overview

Interface to both live and offline pcap parsing.

Index

Constants

View Source
const (
	TYPE_IP   = 0x0800
	TYPE_ARP  = 0x0806
	TYPE_IP6  = 0x86DD
	TYPE_VLAN = 0x8100

	IP_ICMP = 1
	IP_INIP = 4
	IP_TCP  = 6
	IP_UDP  = 17
)
View Source
const (
	ERRBUF_SIZE = 256

	// According to pcap-linktype(7).
	LINKTYPE_NULL             = 0
	LINKTYPE_ETHERNET         = 1
	LINKTYPE_TOKEN_RING       = 6
	LINKTYPE_ARCNET           = 7
	LINKTYPE_SLIP             = 8
	LINKTYPE_PPP              = 9
	LINKTYPE_FDDI             = 10
	LINKTYPE_ATM_RFC1483      = 100
	LINKTYPE_RAW              = 101
	LINKTYPE_PPP_HDLC         = 50
	LINKTYPE_PPP_ETHER        = 51
	LINKTYPE_C_HDLC           = 104
	LINKTYPE_IEEE802_11       = 105
	LINKTYPE_FRELAY           = 107
	LINKTYPE_LOOP             = 108
	LINKTYPE_LINUX_SLL        = 113
	LINKTYPE_LTALK            = 104
	LINKTYPE_PFLOG            = 117
	LINKTYPE_PRISM_HEADER     = 119
	LINKTYPE_IP_OVER_FC       = 122
	LINKTYPE_SUNATM           = 123
	LINKTYPE_IEEE802_11_RADIO = 127
	LINKTYPE_ARCNET_LINUX     = 129
	LINKTYPE_LINUX_IRDA       = 144
	LINKTYPE_LINUX_LAPD       = 177
)
View Source
const (
	TCP_FIN = 1 << iota
	TCP_SYN
	TCP_RST
	TCP_PSH
	TCP_ACK
	TCP_URG
	TCP_ECE
	TCP_CWR
	TCP_NS
)

Variables

This section is empty.

Functions

func DatalinkValueToDescription

func DatalinkValueToDescription(dlt int) string

func DatalinkValueToName

func DatalinkValueToName(dlt int) string

func Version

func Version() string

Types

type Arphdr

type Arphdr struct {
	Addrtype          uint16
	Protocol          uint16
	HwAddressSize     uint8
	ProtAddressSize   uint8
	Operation         uint16
	SourceHwAddress   []byte
	SourceProtAddress []byte
	DestHwAddress     []byte
	DestProtAddress   []byte
}

Arphdr is a ARP packet header.

func (*Arphdr) String

func (arp *Arphdr) String() (s string)

type FileHeader

type FileHeader struct {
	MagicNumber  uint32
	VersionMajor uint16
	VersionMinor uint16
	TimeZone     int32
	SigFigs      uint32
	SnapLen      uint32
	Network      uint32
}

FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat

type IFAddress

type IFAddress struct {
	IP      net.IP
	Netmask net.IPMask
}

type Icmphdr

type Icmphdr struct {
	Type     uint8
	Code     uint8
	Checksum uint16
	Id       uint16
	Seq      uint16
	Data     []byte
}

func (*Icmphdr) String

func (icmp *Icmphdr) String(hdr addrHdr) string

func (*Icmphdr) TypeString

func (icmp *Icmphdr) TypeString() (result string)

type Interface

type Interface struct {
	Name        string
	Description string
	Addresses   []IFAddress
}

func Findalldevs

func Findalldevs() (ifs []Interface, err error)

type Ip6hdr

type Ip6hdr struct {
	// http://www.networksorcery.com/enp/protocol/ipv6.htm
	Version      uint8  // 4 bits
	TrafficClass uint8  // 8 bits
	FlowLabel    uint32 // 20 bits
	Length       uint16 // 16 bits
	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
	HopLimit     uint8  // 8 bits
	SrcIp        []byte // 16 bytes
	DestIp       []byte // 16 bytes
}

func (*Ip6hdr) DestAddr

func (ip6 *Ip6hdr) DestAddr() string

func (*Ip6hdr) Len

func (ip6 *Ip6hdr) Len() int

func (*Ip6hdr) SrcAddr

func (ip6 *Ip6hdr) SrcAddr() string

type Iphdr

type Iphdr struct {
	Version    uint8
	Ihl        uint8
	Tos        uint8
	Length     uint16
	Id         uint16
	Flags      uint8
	FragOffset uint16
	Ttl        uint8
	Protocol   uint8
	Checksum   uint16
	SrcIp      []byte
	DestIp     []byte
}

IPadr is the header of an IP packet.

func (*Iphdr) DestAddr

func (ip *Iphdr) DestAddr() string

func (*Iphdr) Len

func (ip *Iphdr) Len() int

func (*Iphdr) SrcAddr

func (ip *Iphdr) SrcAddr() string

type Packet

type Packet struct {
	Time   time.Time // packet send/receive time
	Caplen uint32    // bytes stored in the file (caplen <= len)
	Len    uint32    // bytes sent/received
	Data   []byte    // packet data

	Type    int // protocol type, see LINKTYPE_*
	DestMac uint64
	SrcMac  uint64

	Headers []interface{} // decoded headers, in order
	Payload []byte        // remaining non-header bytes

	IP  *Iphdr  // IP header (for IP packets, after decoding)
	TCP *Tcphdr // TCP header (for TCP packets, after decoding)
	UDP *Udphdr // UDP header (for UDP packets after decoding)
}

Packet is a single packet parsed from a pcap file.

Convenient access to IP, TCP, and UDP headers is provided after Decode() is called if the packet is of the appropriate type.

func (*Packet) Decode

func (p *Packet) Decode()

Decode decodes the headers of a Packet.

func (*Packet) String

func (p *Packet) String() string

String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.

type PacketTime

type PacketTime struct {
	Sec  int32
	Usec int32
}

func (*PacketTime) Time

func (p *PacketTime) Time() time.Time

Convert the PacketTime to a go Time struct.

type Pcap

type Pcap struct {
	// contains filtered or unexported fields
}

func Openlive

func Openlive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)

Openlive opens a device and returns a *Pcap handler

func Openoffline

func Openoffline(file string) (handle *Pcap, err error)

func (*Pcap) Close

func (p *Pcap) Close()
func (p *Pcap) Datalink() int

func (*Pcap) Geterror

func (p *Pcap) Geterror() error

func (*Pcap) Getstats

func (p *Pcap) Getstats() (stat *Stat, err error)

func (*Pcap) Inject

func (p *Pcap) Inject(data []byte) (err error)

func (*Pcap) Next

func (p *Pcap) Next() (pkt *Packet)

func (*Pcap) NextEx

func (p *Pcap) NextEx() (pkt *Packet, result int32)
func (p *Pcap) Setdatalink(dlt int) error

func (*Pcap) Setfilter

func (p *Pcap) Setfilter(expr string) (err error)

type Reader

type Reader struct {
	Header FileHeader
	// contains filtered or unexported fields
}

Reader parses pcap files.

func NewReader

func NewReader(reader io.Reader) (*Reader, error)

NewReader reads pcap data from an io.Reader.

func (*Reader) Next

func (r *Reader) Next() *Packet

Next returns the next packet or nil if no more packets can be read.

type Stat

type Stat struct {
	PacketsReceived  uint32
	PacketsDropped   uint32
	PacketsIfDropped uint32
}

type Tcphdr

type Tcphdr struct {
	SrcPort    uint16
	DestPort   uint16
	Seq        uint32
	Ack        uint32
	DataOffset uint8
	Flags      uint16
	Window     uint16
	Checksum   uint16
	Urgent     uint16
	Data       []byte
}

func (*Tcphdr) FlagsString

func (tcp *Tcphdr) FlagsString() string

func (*Tcphdr) String

func (tcp *Tcphdr) String(hdr addrHdr) string

type Udphdr

type Udphdr struct {
	SrcPort  uint16
	DestPort uint16
	Length   uint16
	Checksum uint16
}

func (*Udphdr) String

func (udp *Udphdr) String(hdr addrHdr) string

type Vlanhdr

type Vlanhdr struct {
	Priority       byte
	DropEligible   bool
	VlanIdentifier int
	Type           int // Not actually part of the vlan header, but the type of the actual packet
}

func (*Vlanhdr) String

func (v *Vlanhdr) String()

type Writer

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes a pcap file.

func NewWriter

func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error)

NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.

func (*Writer) Write

func (w *Writer) Write(pkt *Packet) error

Writer writes a packet to the underlying writer.

Directories

Path Synopsis
tools

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL