gopcap – github.com/akrennmair/gopcap Index | Files | Directories

package pcap

import "github.com/akrennmair/gopcap"

Interface to both live and offline pcap parsing.

Index

Constants 

const (
	TYPE_IP   = 0x0800
	TYPE_ARP  = 0x0806
	TYPE_IP6  = 0x86DD
	TYPE_VLAN = 0x8100

	IP_ICMP = 1
	IP_INIP = 4
	IP_TCP  = 6
	IP_UDP  = 17
)
const (
	ERRBUF_SIZE = 256

	// According to pcap-linktype(7).
	LINKTYPE_NULL             = 0
	LINKTYPE_ETHERNET         = 1
	LINKTYPE_TOKEN_RING       = 6
	LINKTYPE_ARCNET           = 7
	LINKTYPE_SLIP             = 8
	LINKTYPE_PPP              = 9
	LINKTYPE_FDDI             = 10
	LINKTYPE_ATM_RFC1483      = 100
	LINKTYPE_RAW              = 101
	LINKTYPE_PPP_HDLC         = 50
	LINKTYPE_PPP_ETHER        = 51
	LINKTYPE_C_HDLC           = 104
	LINKTYPE_IEEE802_11       = 105
	LINKTYPE_FRELAY           = 107
	LINKTYPE_LOOP             = 108
	LINKTYPE_LINUX_SLL        = 113
	LINKTYPE_LTALK            = 104
	LINKTYPE_PFLOG            = 117
	LINKTYPE_PRISM_HEADER     = 119
	LINKTYPE_IP_OVER_FC       = 122
	LINKTYPE_SUNATM           = 123
	LINKTYPE_IEEE802_11_RADIO = 127
	LINKTYPE_ARCNET_LINUX     = 129
	LINKTYPE_LINUX_IRDA       = 144
	LINKTYPE_LINUX_LAPD       = 177
)
const (
	TCP_FIN = 1 << iota
	TCP_SYN
	TCP_RST
	TCP_PSH
	TCP_ACK
	TCP_URG
	TCP_ECE
	TCP_CWR
	TCP_NS
)

Functions

func DatalinkValueToDescription 

func DatalinkValueToDescription(dlt int) string

func DatalinkValueToName 

func DatalinkValueToName(dlt int) string

func Version 

func Version() string

Types

type Arphdr 

type Arphdr struct {
	Addrtype          uint16
	Protocol          uint16
	HwAddressSize     uint8
	ProtAddressSize   uint8
	Operation         uint16
	SourceHwAddress   []byte
	SourceProtAddress []byte
	DestHwAddress     []byte
	DestProtAddress   []byte
}

Arphdr is a ARP packet header.

func (*Arphdr) String 

func (arp *Arphdr) String() (s string)

type FileHeader 

type FileHeader struct {
	MagicNumber  uint32
	VersionMajor uint16
	VersionMinor uint16
	TimeZone     int32
	SigFigs      uint32
	SnapLen      uint32
	Network      uint32
}

FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat

type IFAddress 

type IFAddress struct {
	IP      net.IP
	Netmask net.IPMask
}

type Icmphdr 

type Icmphdr struct {
	Type     uint8
	Code     uint8
	Checksum uint16
	Id       uint16
	Seq      uint16
	Data     []byte
}

func (*Icmphdr) String 

func (icmp *Icmphdr) String(hdr addrHdr) string

func (*Icmphdr) TypeString 

func (icmp *Icmphdr) TypeString() (result string)

type Interface 

type Interface struct {
	Name        string
	Description string
	Addresses   []IFAddress
}

func Findalldevs 

func Findalldevs() (ifs []Interface, err error)

type Ip6hdr 

type Ip6hdr struct {
	// http://www.networksorcery.com/enp/protocol/ipv6.htm
	Version      uint8  // 4 bits
	TrafficClass uint8  // 8 bits
	FlowLabel    uint32 // 20 bits
	Length       uint16 // 16 bits
	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
	HopLimit     uint8  // 8 bits
	SrcIp        []byte // 16 bytes
	DestIp       []byte // 16 bytes
}

func (*Ip6hdr) DestAddr 

func (ip6 *Ip6hdr) DestAddr() string

func (*Ip6hdr) Len 

func (ip6 *Ip6hdr) Len() int

func (*Ip6hdr) SrcAddr 

func (ip6 *Ip6hdr) SrcAddr() string

type Iphdr 

type Iphdr struct {
	Version    uint8
	Ihl        uint8
	Tos        uint8
	Length     uint16
	Id         uint16
	Flags      uint8
	FragOffset uint16
	Ttl        uint8
	Protocol   uint8
	Checksum   uint16
	SrcIp      []byte
	DestIp     []byte
}

IPadr is the header of an IP packet.

func (*Iphdr) DestAddr 

func (ip *Iphdr) DestAddr() string

func (*Iphdr) Len 

func (ip *Iphdr) Len() int

func (*Iphdr) SrcAddr 

func (ip *Iphdr) SrcAddr() string

type Packet 

type Packet struct {
	Time   time.Time // packet send/receive time
	Caplen uint32    // bytes stored in the file (caplen <= len)
	Len    uint32    // bytes sent/received
	Data   []byte    // packet data

	Type    int // protocol type, see LINKTYPE_*
	DestMac uint64
	SrcMac  uint64

	Headers []interface{} // decoded headers, in order
	Payload []byte        // remaining non-header bytes

	IP  *Iphdr  // IP header (for IP packets, after decoding)
	TCP *Tcphdr // TCP header (for TCP packets, after decoding)
	UDP *Udphdr // UDP header (for UDP packets after decoding)
}

Packet is a single packet parsed from a pcap file.

Convenient access to IP, TCP, and UDP headers is provided after Decode() is called if the packet is of the appropriate type.

func (*Packet) Decode 

func (p *Packet) Decode()

Decode decodes the headers of a Packet.

func (*Packet) String 

func (p *Packet) String() string

String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.

type PacketTime 

type PacketTime struct {
	Sec  int32
	Usec int32
}

func (*PacketTime) Time 

func (p *PacketTime) Time() time.Time

Convert the PacketTime to a go Time struct.

type Pcap 

type Pcap struct {
	// contains filtered or unexported fields
}

func Openlive 

func Openlive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)

Openlive opens a device and returns a *Pcap handler

func Openoffline 

func Openoffline(file string) (handle *Pcap, err error)

func (*Pcap) Close 

func (p *Pcap) Close()
func (p *Pcap) Datalink() int

func (*Pcap) Geterror 

func (p *Pcap) Geterror() error

func (*Pcap) Getstats 

func (p *Pcap) Getstats() (stat *Stat, err error)

func (*Pcap) Inject 

func (p *Pcap) Inject(data []byte) (err error)

func (*Pcap) Next 

func (p *Pcap) Next() (pkt *Packet)

func (*Pcap) NextEx 

func (p *Pcap) NextEx() (pkt *Packet, result int32)
func (p *Pcap) Setdatalink(dlt int) error

func (*Pcap) Setfilter 

func (p *Pcap) Setfilter(expr string) (err error)

type Reader 

type Reader struct {
	Header FileHeader
	// contains filtered or unexported fields
}

Reader parses pcap files.

func NewReader 

func NewReader(reader io.Reader) (*Reader, error)

NewReader reads pcap data from an io.Reader.

func (*Reader) Next 

func (r *Reader) Next() *Packet

Next returns the next packet or nil if no more packets can be read.

type Stat 

type Stat struct {
	PacketsReceived  uint32
	PacketsDropped   uint32
	PacketsIfDropped uint32
}

type Tcphdr 

type Tcphdr struct {
	SrcPort    uint16
	DestPort   uint16
	Seq        uint32
	Ack        uint32
	DataOffset uint8
	Flags      uint16
	Window     uint16
	Checksum   uint16
	Urgent     uint16
	Data       []byte
}

func (*Tcphdr) FlagsString 

func (tcp *Tcphdr) FlagsString() string

func (*Tcphdr) String 

func (tcp *Tcphdr) String(hdr addrHdr) string

type Udphdr 

type Udphdr struct {
	SrcPort  uint16
	DestPort uint16
	Length   uint16
	Checksum uint16
}

func (*Udphdr) String 

func (udp *Udphdr) String(hdr addrHdr) string

type Vlanhdr 

type Vlanhdr struct {
	Priority       byte
	DropEligible   bool
	VlanIdentifier int
	Type           int // Not actually part of the vlan header, but the type of the actual packet
}

func (*Vlanhdr) String 

func (v *Vlanhdr) String()

type Writer 

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes a pcap file.

func NewWriter 

func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error)

NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.

func (*Writer) Write 

func (w *Writer) Write(pkt *Packet) error

Writer writes a packet to the underlying writer.

Source Files

decode.go io.go pcap.go

Directories

PathSynopsis
tools
tools/benchmark
tools/pass
tools/pcaptest
tools/tcpdump
Version
v0.0.0-20150728160502-00e11033259a (latest)
Published
Jul 28, 2015
Platform
js/wasm
Imports
11 packages
Last checked
3 weeks ago

Tools for package owners.