Documentation
Overview
Package capture contains the options to configure packet capturing.
Types
type Callback
type Callback g.CaptureCallbackFunc
Callback provides a custom callback function which is called for each captured packet.
func (Callback) ApplyCapture
type Channel
type Channel chan g.CapturePacket
Channel sends all captured packets to the provided channel.
func ToChannel
func ToChannel(ch chan g.CapturePacket) Channel
func (Channel) ApplyCapture
type Comment
type Comment string
Comment can be used to add a custom comment to the PCAPng file.
See: https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-pcapng
func (Comment) ApplyCapture
type File
File writes all captured packets in PCAPng format to the provided file handle.
func (File) ApplyCapture
type Filename
type Filename string
Filename writes all captured packets in PCAPng format to a new or existing file with the provided filename. Any existing files will be truncated.
func ToFilename
func (Filename) ApplyCapture
type FilterExpression
type FilterExpression string
FilterExpression is a libpcap filter expression.
The filter expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers.
See: https://www.tcpdump.org/manpages/pcap-filter.7.html
func (FilterExpression) ApplyCapture
func (bpf FilterExpression) ApplyCapture(c *g.Capture)
type FilterInstructions
type FilterInstructions []bpf.Instruction
FilterInstructions allows filtering the captured packets by providing a compiled BPF filter program.
See: https://docs.kernel.org/bpf/instruction-set.html
func (FilterInstructions) ApplyCapture
func (fi FilterInstructions) ApplyCapture(c *g.Capture)
type FilterInterfaces
type FilterInterfaces g.CaptureFilterInterfaceFunc
FilterInterfaces is a filter callback to limit the interfaces which will be recorded.
This option is useful if you attach the capturer to a whole network or node and want to filter which of the interfaces should be captured.
func (FilterInterfaces) ApplyCapture
func (f FilterInterfaces) ApplyCapture(c *g.Capture)
type FilterPackets
type FilterPackets g.CaptureFilterPacketFunc
FilterPackets is a callback to filter packets within the Go application rather than via BPF in the kernel.
Passed packets are not decoded. Have a look at gopacket to decode the packet layers.
func (FilterPackets) ApplyCapture
func (f FilterPackets) ApplyCapture(c *g.Capture)
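Because the packets handed to a FilterPackets callback are raw bytes, the filter has to parse the headers itself or hand them to gopacket. The following added example is not part of Gont; it uses only the standard library to match IPv4/TCP packets by port. The names matchTCPPort and sampleFrame are hypothetical, the packet data is assumed to start with an untagged Ethernet header, and wiring the check into FilterPackets depends on the g.CaptureFilterPacketFunc signature, which this page does not show.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// matchTCPPort (hypothetical helper, not part of Gont) reports whether a raw
// Ethernet frame carries an IPv4/TCP segment whose source or destination
// port equals port. Truncated or non-matching frames return false.
func matchTCPPort(frame []byte, port uint16) bool {
	const ethLen = 14
	if len(frame) < ethLen+20 {
		return false // too short for Ethernet plus a minimal IPv4 header
	}
	if binary.BigEndian.Uint16(frame[12:14]) != 0x0800 {
		return false // EtherType is not IPv4 (VLAN tags are not handled)
	}
	ip := frame[ethLen:]
	ihl := int(ip[0]&0x0f) * 4
	if ip[0]>>4 != 4 || ihl < 20 || len(ip) < ihl+4 {
		return false // not IPv4, bogus header length, or ports cut off by the snapshot length
	}
	// Protocol 6 is TCP; only the first fragment (offset 0) carries the TCP header.
	if ip[9] != 6 || binary.BigEndian.Uint16(ip[6:8])&0x1fff != 0 {
		return false
	}
	tcp := ip[ihl:]
	return binary.BigEndian.Uint16(tcp[0:2]) == port || binary.BigEndian.Uint16(tcp[2:4]) == port
}

// sampleFrame builds a constructed Ethernet/IPv4/TCP frame for the demo.
func sampleFrame(srcPort, dstPort uint16) []byte {
	f := make([]byte, 14+20+20)
	binary.BigEndian.PutUint16(f[12:], 0x0800) // EtherType: IPv4
	f[14] = 0x45                               // version 4, header length 5 words
	f[14+9] = 6                                // protocol: TCP
	binary.BigEndian.PutUint16(f[34:], srcPort)
	binary.BigEndian.PutUint16(f[36:], dstPort)
	return f
}

func main() {
	f := sampleFrame(40000, 443)
	fmt.Println(matchTCPPort(f, 443), matchTCPPort(f, 80), matchTCPPort(f[:30], 443))
}
```

The length checks matter when SnapshotLength is set below the frame size, since the callback then sees truncated packet data.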
type ListenAddr
type ListenAddr string
ListenAddr opens a UNIX, UDP or TCP socket which serves a PCAPng trace.
You can use Wireshark to connect to this socket to stream captured packets in real time to a local/remote machine.
See: https://wiki.wireshark.org/CaptureSetup/Pipes.md#tcp-socket
func (ListenAddr) ApplyCapture
func (s ListenAddr) ApplyCapture(c *g.Capture)
type LogKeys
type LogKeys bool
LogKeys captures encryption keys from applications started via Gont and embeds them into PCAPng files.
This is achieved by passing the SSLKEYLOGFILE environment variable to each process started via Run(). The environment variable points to a pipe from which Gont reads session secrets and embeds them into PCAPng files.
Aside from SSLKEYLOGFILE, WG_KEYLOGFILE is also supported for capturing session secrets from wireguard-go.
func (LogKeys) ApplyCapture
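Go's crypto/tls does not read SSLKEYLOGFILE on its own, so a Go program started via Run() has to pass the file to tls.Config.KeyLogWriter itself. The following added example is not Gont code; keyLogWriter and demoHandshake are hypothetical names, and the in-memory server with its throwaway certificate is constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"os"
	"time"
)

// keyLogWriter opens the path in SSLKEYLOGFILE; nil (unset or unusable) disables key logging.
func keyLogWriter() io.Writer {
	if p := os.Getenv("SSLKEYLOGFILE"); p != "" {
		if f, err := os.OpenFile(p, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0o600); err == nil {
			return f
		}
	}
	return nil
}

// demoHandshake runs one handshake against a constructed in-process server; the client logs secrets to w.
func demoHandshake(w io.Writer) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, SessionTicketsDisabled: true}
	cli := &tls.Config{InsecureSkipVerify: true, KeyLogWriter: w} // skip verify: peer is the demo server only
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	go tls.Server(s, srv).Handshake()
	return tls.Client(c, cli).Handshake()
}

func main() {
	if err := demoHandshake(keyLogWriter()); err != nil {
		panic(err)
	}
}
```

Each logged line is a label, the client random and a secret in the NSS key log format, which is enough to decrypt the recorded session, so a capture written with LogKeys needs the same handling as the keys themselves.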
type Pipename
type Pipename string
Pipename writes all captured packets in PCAPng format to a newly created named pipe.
You can use Wireshark to open this named pipe to stream captured packets in real time to a local machine.
See: https://wiki.wireshark.org/CaptureSetup/Pipes.md#named-pipes
See: https://man7.org/linux/man-pages/man7/fifo.7.html
func ToPipename
func (Pipename) ApplyCapture
type Promiscuous
type Promiscuous bool
Promiscuous enables capturing of all packets.
On broadcast LANs such as Ethernet, if the network isn't switched, or if the adapter is connected to a "mirror port" on a switch to which all packets passing through the switch are sent, a network adapter receives all packets on the LAN, including unicast or multicast packets not sent to a network address that the network adapter is configured to recognize. Normally, the adapter will discard those packets; however, many network adapters support "promiscuous mode", which is a mode in which all packets, even if they are not sent to an address that the adapter recognizes, are provided to the host. This is useful for passively capturing traffic between two or more other hosts for analysis. Note that even if an application does not set promiscuous mode, the adapter could well be in promiscuous mode for some other reason.
See: https://www.tcpdump.org/manpages/pcap.3pcap.html
func (Promiscuous) ApplyCapture
func (p Promiscuous) ApplyCapture(c *g.Capture)
type SnapshotLength
type SnapshotLength int
SnapshotLength defines the PCAP snapshot length.
If, when capturing, you capture the entire contents of the packet, that requires more CPU time to copy the packet to your application, more disk and possibly network bandwidth to write the packet data to a file, and more disk space to save the packet. If you don't need the entire contents of the packet - for example, if you are only interested in the TCP headers of packets - you can set the "snapshot length" for the capture to an appropriate value. If the snapshot length is set to snaplen, and snaplen is less than the size of a packet that is captured, only the first snaplen bytes of that packet will be captured and provided as packet data. A snapshot length of 65535 should be sufficient, on most if not all networks, to capture all the data available from the packet.
See: https://www.tcpdump.org/manpages/pcap.3pcap.html
func (SnapshotLength) ApplyCapture
func (sl SnapshotLength) ApplyCapture(c *g.Capture)