Documentation ¶
Overview ¶
Package pcap is a wrapper around the pcap library.
Index ¶
- Constants
- Variables
- func DatalinkValueToDescription(dlt int) string
- func DatalinkValueToName(dlt int) string
- func Version() string
- type Arphdr
- type FileHeader
- type IFAddress
- type Icmphdr
- type Interface
- type Ip6hdr
- type Iphdr
- type Packet
- type PacketTime
- type Pcap
- func (p *Pcap) Activate() error
- func (p *Pcap) Close()
- func (p *Pcap) Datalink() int
- func (p *Pcap) DumpOpen(ofile *string) (dumper *PcapDumper, err error)
- func (p *Pcap) Geterror() error
- func (p *Pcap) Getstats() (stat *Stat, err error)
- func (p *Pcap) Inject(data []byte) (err error)
- func (p *Pcap) Next() (pkt *Packet)
- func (p *Pcap) NextEx() (pkt *Packet, result int32)
- func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)
- func (p *Pcap) PcapDumpClose(dumper *PcapDumper)
- func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error
- func (p *Pcap) PcapLoop(pktnum int, dumper *PcapDumper) (result int32, err error)
- func (p *Pcap) SetBufferSize(sz int32) error
- func (p *Pcap) SetDataLink(dlt int) error
- func (p *Pcap) SetDirection(direction string) (err error)
- func (p *Pcap) SetFilter(expr string) (err error)
- func (p *Pcap) SetPromisc(promisc bool) error
- func (p *Pcap) SetReadTimeout(toMs int32) error
- func (p *Pcap) SetSnapLen(s int32) error
- type PcapDumper
- type Reader
- type Stat
- type Tcphdr
- type Udphdr
- type Writer
Constants ¶
const ( TYPE_IP = 0x0800 TYPE_ARP = 0x0806 TYPE_IP6 = 0x86DD IP_ICMP = 1 IP_INIP = 4 IP_TCP = 6 IP_UDP = 17 )
const ( TCPDUMP_MAGIC = 0xa1b2c3d4 KUZNETZOV_TCPDUMP_MAGIC = 0xa1b2cd34 FMESQUITA_TCPDUMP_MAGIC = 0xa1b234cd NAVTEL_TCPDUMP_MAGIC = 0xa12b3c4d NSEC_TCPDUMP_MAGIC = 0xa1b23c4d )
Port from sf-pcap.c file.
const ( DLT_NULL = 0 // BSD loopback encapsulation DLT_EN10MB = 1 // Ethernet (10Mb) DLT_EN3MB = 2 // Experimental Ethernet (3Mb) DLT_AX25 = 3 // Amateur Radio AX.25 DLT_PRONET = 4 // Proteon ProNET Token Ring DLT_CHAOS = 5 // Chaos DLT_IEEE802 = 6 // 802.5 Token Ring DLT_ARCNET = 7 // ARCNET, with BSD-style header DLT_SLIP = 8 // Serial Line IP DLT_PPP = 9 // Point-to-point Protocol DLT_FDDI = 10 // FDDI )
DLT, these are the types that are the same on all platforms, and that have been defined by <net/bpf.h> for ages.
const ( ERRBUF_SIZE = 256 // According to pcap-linktype(7). LINKTYPE_NULL = DLT_NULL LINKTYPE_ETHERNET = DLT_EN10MB LINKTYPE_TOKEN_RING = DLT_IEEE802 LINKTYPE_EXP_ETHERNET = DLT_EN3MB /* 3Mb experimental Ethernet */ LINKTYPE_AX25 = DLT_AX25 LINKTYPE_PRONET = DLT_PRONET LINKTYPE_CHAOS = DLT_CHAOS LINKTYPE_ARCNET_BSD = DLT_ARCNET /* BSD-style headers */ LINKTYPE_SLIP = DLT_SLIP LINKTYPE_PPP = DLT_PPP LINKTYPE_FDDI = DLT_FDDI LINKTYPE_ARCNET = 7 LINKTYPE_ATM_RFC1483 = 100 LINKTYPE_RAW = 101 LINKTYPE_PPP_HDLC = 50 LINKTYPE_PPP_ETHER = 51 LINKTYPE_C_HDLC = 104 LINKTYPE_IEEE802_11 = 105 LINKTYPE_FRELAY = 107 LINKTYPE_LOOP = 108 LINKTYPE_LINUX_SLL = 113 LINKTYPE_LTALK = 104 LINKTYPE_PFLOG = 117 LINKTYPE_PRISM_HEADER = 119 LINKTYPE_IP_OVER_FC = 122 LINKTYPE_SUNATM = 123 LINKTYPE_IEEE802_11_RADIO = 127 LINKTYPE_ARCNET_LINUX = 129 LINKTYPE_LINUX_IRDA = 144 LINKTYPE_LINUX_LAPD = 177 )
const ( TCP_FIN = 1 << iota TCP_SYN TCP_RST TCP_PSH TCP_ACK TCP_URG TCP_ECE TCP_CWR TCP_NS )
Variables ¶
var GoVersion = "1.0.1"
GoVersion is the version of the pcap Go package.
Functions ¶
func DatalinkValueToName ¶
Types ¶
type Arphdr ¶
type Arphdr struct { Addrtype uint16 Protocol uint16 HwAddressSize uint8 ProtAddressSize uint8 Operation uint16 SourceHwAddress []byte SourceProtAddress []byte DestHwAddress []byte DestProtAddress []byte }
Arphdr is a ARP packet header.
type FileHeader ¶
type FileHeader struct { MagicNumber uint32 VersionMajor uint16 VersionMinor uint16 TimeZone int32 SigFigs uint32 SnapLen uint32 // NOTE: 'Network' property has been changed to `linktype` // Please see pcap/pcap.h header file. // Network uint32 LinkType uint32 }
FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat
type Icmphdr ¶
func (*Icmphdr) TypeString ¶
type Interface ¶
func FindAllDevs ¶
type Ip6hdr ¶
type Ip6hdr struct { // http://www.networksorcery.com/enp/protocol/ipv6.htm Version uint8 // 4 bits TrafficClass uint8 // 8 bits FlowLabel uint32 // 20 bits Length uint16 // 16 bits NextHeader uint8 // 8 bits, same as Protocol in Iphdr HopLimit uint8 // 8 bits SrcIp []byte // 16 bytes DestIp []byte // 16 bytes }
type Iphdr ¶
type Iphdr struct { Version uint8 Ihl uint8 Tos uint8 Length uint16 Id uint16 Flags uint8 FragOffset uint16 Ttl uint8 Protocol uint8 Checksum uint16 SrcIp []byte DestIp []byte }
IPhdr is the header of an IP packet.
type Packet ¶
type Packet struct { // porting from 'pcap_pkthdr' struct Time time.Time // packet send/receive time Caplen uint32 // bytes stored in the file (caplen <= len) Len uint32 // bytes sent/received Data []byte // packet data Type int // protocol type, see LINKTYPE_* DestMac uint64 SrcMac uint64 Headers []interface{} // decoded headers, in order Payload []byte // remaining non-header bytes }
Packet is a single packet parsed from a pcap file.
type PacketTime ¶
type Pcap ¶
type Pcap struct {
// contains filtered or unexported fields
}
func OpenLive ¶
func OpenLive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)
OpenLive opens a device and returns a handler.
func (*Pcap) Activate ¶
Activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.
func (*Pcap) PcapDump ¶
func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)
func (*Pcap) PcapDumpClose ¶
func (p *Pcap) PcapDumpClose(dumper *PcapDumper)
func (*Pcap) PcapDumpFlush ¶
func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error
func (*Pcap) PcapLoop ¶
func (p *Pcap) PcapLoop(pktnum int, dumper *PcapDumper) (result int32, err error)
func (*Pcap) SetBufferSize ¶
Set buffer size (units in bytes) on activated handle.
func (*Pcap) SetDataLink ¶
func (*Pcap) SetDirection ¶
func (*Pcap) SetPromisc ¶
If arg p is non-zero promiscuous mode will be set on capture handle when it is activated.
func (*Pcap) SetReadTimeout ¶
Set read timeout (milliseconds) that will be used on a capture handle when it is activated.
func (*Pcap) SetSnapLen ¶
type PcapDumper ¶
type PcapDumper struct {
// contains filtered or unexported fields
}
type Reader ¶
type Reader struct { Header FileHeader // contains filtered or unexported fields }
Reader parses pcap files.
type Tcphdr ¶
type Tcphdr struct { SrcPort uint16 DestPort uint16 Seq uint32 Ack uint32 DataOffset uint8 Flags uint16 Window uint16 Checksum uint16 Urgent uint16 Data []byte }