Documentation ¶
Index ¶
- Variables
- type ARPPacket
- type DNSFlags
- type DNSMessage
- type EthernetFrame
- type FTPMessage
- type HTTPMessage
- type ICMPSegment
- type ICMPv6Segment
- type IPv4Flags
- type IPv4Packet
- type IPv6Packet
- type Layer
- type Message
- type QueryEntry
- type RDataA
- type RDataAAAA
- type RDataCNAME
- type RDataHTTPS
- type RDataMX
- type RDataNS
- type RDataOPT
- type RDataSOA
- type RDataTXT
- type RDataUnknown
- type Record
- type RecordClass
- type RecordType
- type ResourceRecord
- type SNMPMessage
- type SSHMessage
- type TCPFlags
- type TCPSegment
- type TLSMessage
- type TrafficClass
- type UDPSegment
Constants ¶
This section is empty.
Variables ¶
var LayerMap = map[string]Layer{ "ETH": &EthernetFrame{}, "IPv4": &IPv4Packet{}, "IPv6": &IPv6Packet{}, "ARP": &ARPPacket{}, "TCP": &TCPSegment{}, "UDP": &UDPSegment{}, "ICMP": &ICMPSegment{}, "ICMPv6": &ICMPv6Segment{}, "DNS": &DNSMessage{}, "FTP": &FTPMessage{}, "HTTP": &HTTPMessage{}, "SNMP": &SNMPMessage{}, "SSH": &SSHMessage{}, "TLS": &TLSMessage{}, }
Functions ¶
This section is empty.
Types ¶
type ARPPacket ¶
type ARPPacket struct { HardwareType uint16 // Network link protocol type. ProtocolType uint16 // Internetwork protocol for which the ARP request is intended. ProtocolTypeDesc string // Internetwork protocol description. Hlen uint8 // Length (in octets) of a hardware address. Plen uint8 // Length (in octets) of internetwork addresses. Op uint16 // Specifies the operation that the sender is performing. OpDesc string // Operation description. // Media address of the sender. In an ARP request this field is used to indicate // the address of the host sending the request. In an ARP reply this field is used // to indicate the address of the host that the request was looking for. SenderMAC net.HardwareAddr SenderIP netip.Addr // Internetwork address of the sender. // Media address of the intended receiver. In an ARP request this field is ignored. // In an ARP reply this field is used to indicate the address of the host that originated the ARP request. TargetMAC net.HardwareAddr TargetIP netip.Addr // Internetwork address of the intended receiver. }
The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. Defined in RFC 826.
type DNSFlags ¶
type DNSFlags struct { Raw uint16 QR uint8 // Indicates if the message is a query (0) or a reply (1). QRDesc string // Query (0) or Reply (1) OPCode uint8 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5 OPCodeDesc string AA uint8 // Authoritative Answer, in a response, indicates if the DNS server is authoritative for the queried hostname. TC uint8 // TrunCation, indicates that this message was truncated due to excessive length. RD uint8 // Recursion Desired, indicates if the client means a recursive query. RA uint8 // Recursion Available, in a response, indicates if the replying DNS server supports recursion. Z uint8 // Zero, reserved for future use. AU uint8 // Indicates if answer/authority portion was authenticated by the server. NA uint8 // Indicates if non-authenticated data is accepatable. RCode uint8 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 RCodeDesc string }
type DNSMessage ¶
type DNSMessage struct { TransactionID uint16 // Used for matching response to queries. Flags *DNSFlags // Flags specify the requested operation and a response code. QDCount uint16 // Count of entries in the queries section. ANCount uint16 // Count of entries in the answers section. NSCount uint16 // Count of entries in the authority section. ARCount uint16 // Count of entries in the additional section. Questions []*QueryEntry AnswerRRs []*ResourceRecord AuthorityRRs []*ResourceRecord AdditionalRRs []*ResourceRecord }
func (*DNSMessage) NextLayer ¶
func (d *DNSMessage) NextLayer() (layer string, payload []byte)
func (*DNSMessage) Parse ¶
func (d *DNSMessage) Parse(data []byte) error
Parse parses the given byte data into a DNSMessage struct.
func (*DNSMessage) String ¶
func (d *DNSMessage) String() string
func (*DNSMessage) Summary ¶
func (d *DNSMessage) Summary() string
type EthernetFrame ¶
type EthernetFrame struct { DstMAC net.HardwareAddr // MAC address of the destination device. SrcMAC net.HardwareAddr // MAC address of the source device. EtherType uint16 // The protocol of the upper layer. EtherTypeDesc string // Protocol description // contains filtered or unexported fields }
An Ethernet frame is a data link layer protocol data unit.
func (*EthernetFrame) NextLayer ¶
func (ef *EthernetFrame) NextLayer() (string, []byte)
NextLayer returns the name and payload of the next layer protocol based on the EtherType field of the EthernetFrame.
func (*EthernetFrame) Parse ¶
func (ef *EthernetFrame) Parse(data []byte) error
Parse parses the given byte data into an Ethernet frame.
func (*EthernetFrame) String ¶
func (ef *EthernetFrame) String() string
func (*EthernetFrame) Summary ¶
func (ef *EthernetFrame) Summary() string
type FTPMessage ¶
type FTPMessage struct {
// contains filtered or unexported fields
}
func (*FTPMessage) NextLayer ¶
func (f *FTPMessage) NextLayer() (layer string, payload []byte)
func (*FTPMessage) Parse ¶
func (f *FTPMessage) Parse(data []byte) error
func (*FTPMessage) String ¶
func (f *FTPMessage) String() string
func (*FTPMessage) Summary ¶
func (f *FTPMessage) Summary() string
type HTTPMessage ¶
type HTTPMessage struct {
// contains filtered or unexported fields
}
https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages port 80
func (*HTTPMessage) NextLayer ¶
func (h *HTTPMessage) NextLayer() (layer string, payload []byte)
func (*HTTPMessage) Parse ¶
func (h *HTTPMessage) Parse(data []byte) error
func (*HTTPMessage) String ¶
func (h *HTTPMessage) String() string
func (*HTTPMessage) Summary ¶
func (h *HTTPMessage) Summary() string
type ICMPSegment ¶
type ICMPSegment struct { Type uint8 // ICMP type. TypeDesc string // ICMP type description. Code uint8 // ICMP subtype. CodeDesc string // ICMP subtype description. // Internet checksum (RFC 1071) for error checking, calculated from the ICMP header // and data with value 0 substituted for this field. Checksum uint16 Data []byte // Contents vary based on the ICMP type and code. }
ICMP is part of the Internet protocol suite as defined in RFC 792.
func (*ICMPSegment) NextLayer ¶
func (i *ICMPSegment) NextLayer() (layer string, payload []byte)
func (*ICMPSegment) Parse ¶
func (i *ICMPSegment) Parse(data []byte) error
Parse parses the given byte data into an ICMP segment struct.
func (*ICMPSegment) String ¶
func (i *ICMPSegment) String() string
func (*ICMPSegment) Summary ¶
func (i *ICMPSegment) Summary() string
type ICMPv6Segment ¶
type ICMPv6Segment struct { Type uint8 TypeDesc string Code uint8 CodeDesc string Checksum uint16 Data []byte }
ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions.
func (*ICMPv6Segment) NextLayer ¶
func (i *ICMPv6Segment) NextLayer() (layer string, payload []byte)
func (*ICMPv6Segment) Parse ¶
func (i *ICMPv6Segment) Parse(data []byte) error
Parse parses the given byte data into an ICMPv6 segment struct.
func (*ICMPv6Segment) String ¶
func (i *ICMPv6Segment) String() string
func (*ICMPv6Segment) Summary ¶
func (i *ICMPv6Segment) Summary() string
type IPv4Packet ¶
type IPv4Packet struct { Version uint8 // 4 bits version (for IPv4, this is always equal to 4). IHL uint8 // 4 bits size of header (number of 32-bit words). DSCP uint8 // 6 bits specifies differentiated services. DSCPDesc string // differentiated services description. ECN uint8 // 2 bits end-to-end notification of network congestion without dropping packets. TotalLength uint16 // 16 bits defines the entire packet size in bytes, including header and data. Identification uint16 // 16 bits identifies the group of fragments of a single IP datagram. Flags *IPv4Flags // 3 bits used to control or identify fragments. FragmentOffset uint16 // 13 bits offset of a particular fragment. TTL uint8 // 8 bits limits a datagram's lifetime to prevent network failure. Protocol uint8 // 8 bits defines the protocol used in the data portion of the IP datagram. ProtocolDesc string // Protocol description. HeaderChecksum uint16 // 16 bits used for error checking of the header. SrcIP netip.Addr // IPv4 address of the sender of the packet. DstIP netip.Addr // IPv4 address of the receiver of the packet. Options []byte // if ihl > 5 // contains filtered or unexported fields }
Internet Protocol version 4 is described in IETF publication RFC 791.
func (*IPv4Packet) NextLayer ¶
func (p *IPv4Packet) NextLayer() (string, []byte)
func (*IPv4Packet) Parse ¶
func (p *IPv4Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv4 packet struct.
func (*IPv4Packet) String ¶
func (p *IPv4Packet) String() string
func (*IPv4Packet) Summary ¶
func (p *IPv4Packet) Summary() string
type IPv6Packet ¶
type IPv6Packet struct { Version uint8 // 4 bits version field (for IPv6, this is always equal to 6). TrafficClass *TrafficClass // 6 + 2 bits holds DS and ECN values. FlowLabel uint32 // 20 bits high-entropy identifier of a flow of packets between a source and destination. PayloadLength uint16 // 16 bits the size of the payload in octets, including any extension headers. NextHeader uint8 // 8 bits specifies the type of the next header. NextHeaderDesc string // next header description // 8 bits replaces the time to live field in IPv4. This value is decremented by one at each forwarding node // and the packet is discarded if it becomes 0. However, the destination node should process the packet normally // even if received with a hop limit of 0. HopLimit uint8 SrcIP netip.Addr // The unicast IPv6 address of the sending node. DstIP netip.Addr // The IPv6 unicast or multicast address of the destination node(s). // contains filtered or unexported fields }
An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). IPv6 protocol defined in RFC 2460.
func (*IPv6Packet) NextLayer ¶
func (p *IPv6Packet) NextLayer() (string, []byte)
func (*IPv6Packet) Parse ¶
func (p *IPv6Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv6 packet struct.
func (*IPv6Packet) String ¶
func (p *IPv6Packet) String() string
func (*IPv6Packet) Summary ¶
func (p *IPv6Packet) Summary() string
type Message ¶
type QueryEntry ¶
type QueryEntry struct { Name string // Name of the node to which this record pertains. Type *RecordType // Type of RR in numeric form. Class *RecordClass // Class code. }
func (*QueryEntry) String ¶
func (qe *QueryEntry) String() string
type RDataCNAME ¶
type RDataCNAME struct {
CName string
}
func (*RDataCNAME) String ¶
func (d *RDataCNAME) String() string
type RDataHTTPS ¶
type RDataHTTPS struct {
Data string // TODO: add proper parsing
}
func (*RDataHTTPS) String ¶
func (d *RDataHTTPS) String() string
type RDataOPT ¶
type RDataSOA ¶
type RDataUnknown ¶
type RDataUnknown struct {
Data string
}
func (*RDataUnknown) String ¶
func (d *RDataUnknown) String() string
type Record ¶
type RecordClass ¶
func (*RecordClass) String ¶
func (c *RecordClass) String() string
type RecordType ¶
func (*RecordType) String ¶
func (rt *RecordType) String() string
type ResourceRecord ¶
type ResourceRecord struct { Name string // Name of the node to which this record pertains. Type *RecordType // Type of RR in numeric form. Class *RecordClass // Class code. TTL uint32 // Count of seconds that the RR stays valid. RDLength uint16 // Length of RData field (specified in octets). RData fmt.Stringer // Additional RR-specific data. }
func (*ResourceRecord) String ¶
func (rt *ResourceRecord) String() string
type SNMPMessage ¶
type SNMPMessage struct {
Payload []byte
}
https://www.ranecommercial.com/legacy/pdf/ranenotes/SNMP_Simple_Network_Management_Protocol.pdf https://wiki.wireshark.org/SNMP port 161, 162
func (*SNMPMessage) NextLayer ¶
func (s *SNMPMessage) NextLayer() (layer string, payload []byte)
func (*SNMPMessage) Parse ¶
func (s *SNMPMessage) Parse(data []byte) error
func (*SNMPMessage) String ¶
func (s *SNMPMessage) String() string
func (*SNMPMessage) Summary ¶
func (s *SNMPMessage) Summary() string
type SSHMessage ¶
func (*SSHMessage) NextLayer ¶
func (s *SSHMessage) NextLayer() (layer string, payload []byte)
func (*SSHMessage) Parse ¶
func (s *SSHMessage) Parse(data []byte) error
func (*SSHMessage) String ¶
func (s *SSHMessage) String() string
func (*SSHMessage) Summary ¶
func (s *SSHMessage) Summary() string
type TCPFlags ¶
type TCPSegment ¶
type TCPSegment struct { SrcPort uint16 // Identifies the sending port. DstPort uint16 // Identifies the receiving port. // If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual // first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1. // If the SYN flag is unset (0), then this is the accumulated sequence number of the first data byte of this // segment for the current session. SeqNumber uint32 // If the ACK flag is set, the value is the next sequence number that the sender of the ACK is expecting. AckNumber uint32 DataOffset uint8 // 4 bits specifies the size of the TCP header in 32-bit words. Reserved uint8 // 4 bits reserved for future use and should be set to zero. Flags *TCPFlags // Contains 8 1-bit flags (control bits) // The size of the receive window, which specifies the number of window size units[b] that the sender of // this segment is currently willing to receive. WindowSize uint16 // The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header. Checksum uint16 // If the URG flag is set, then this 16-bit field is an offset from the sequence number // indicating the last urgent data byte. UrgentPointer uint16 Options []byte // The length of this field is determined by the data offset field. // contains filtered or unexported fields }
TCP protocol is described in RFC 761.
func (*TCPSegment) NextLayer ¶
func (t *TCPSegment) NextLayer() (string, []byte)
func (*TCPSegment) Parse ¶
func (t *TCPSegment) Parse(data []byte) error
Parse parses the given byte data into a TCPSegment struct.
func (*TCPSegment) String ¶
func (t *TCPSegment) String() string
func (*TCPSegment) Summary ¶
func (t *TCPSegment) Summary() string
type TLSMessage ¶
port 443 https://tls12.xargs.org/#client-hello/annotated https://tls13.xargs.org/#client-hello/annotated https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5
func (*TLSMessage) NextLayer ¶
func (t *TLSMessage) NextLayer() (layer string, payload []byte)
func (*TLSMessage) Parse ¶
func (t *TLSMessage) Parse(data []byte) error
func (*TLSMessage) String ¶
func (t *TLSMessage) String() string
func (*TLSMessage) Summary ¶
func (t *TLSMessage) Summary() string
type TrafficClass ¶
func (*TrafficClass) String ¶
func (p *TrafficClass) String() string
type UDPSegment ¶
type UDPSegment struct { SrcPort uint16 // Identifies the sending port. DstPort uint16 // Identifies the receiving port. UDPLength uint16 // Specifies the length in bytes of the UDP header and UDP data. Checksum uint16 // The checksum field may be used for error-checking of the header and data. // contains filtered or unexported fields }
UDP protocol is defined in RFC 768.
func (*UDPSegment) NextLayer ¶
func (u *UDPSegment) NextLayer() (string, []byte)
func (*UDPSegment) Parse ¶
func (u *UDPSegment) Parse(data []byte) error
Parse parses the given byte data into a UDPSegment struct.
func (*UDPSegment) String ¶
func (u *UDPSegment) String() string
func (*UDPSegment) Summary ¶
func (u *UDPSegment) Summary() string