pcap

package module
v0.0.0-...-b01d470 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2024 License: BSD-3-Clause Imports: 11 Imported by: 0

README 

# PCAP

This is a simple wrapper around libpcap for Go.  Originally written by Andreas
Krennmair <[email protected]> and only minorly touched up by Mark Smith <[email protected]>.

Please see the included pcaptest.go and tcpdump.go programs for instructions on
how to use this library.

Miek Gieben <[email protected]> has created a more Go-like package and replaced functionality
with standard functions from the standard library. The package has also been renamed to
pcap.

Documentation

Overview

Interface to both live and offline pcap parsing.

Index

Constants

View Source 
const (
	TYPE_IP   = 0x0800
	TYPE_ARP  = 0x0806
	TYPE_IP6  = 0x86DD
	TYPE_VLAN = 0x8100

	IP_ICMP = 1
	IP_INIP = 4
	IP_TCP  = 6
	IP_UDP  = 17
)
View Source 
const (
	ERRBUF_SIZE = 256

	// According to pcap-linktype(7).
	LINKTYPE_NULL             = 0
	LINKTYPE_ETHERNET         = 1
	LINKTYPE_TOKEN_RING       = 6
	LINKTYPE_ARCNET           = 7
	LINKTYPE_SLIP             = 8
	LINKTYPE_PPP              = 9
	LINKTYPE_FDDI             = 10
	LINKTYPE_ATM_RFC1483      = 100
	LINKTYPE_RAW              = 101
	LINKTYPE_PPP_HDLC         = 50
	LINKTYPE_PPP_ETHER        = 51
	LINKTYPE_C_HDLC           = 104
	LINKTYPE_IEEE802_11       = 105
	LINKTYPE_FRELAY           = 107
	LINKTYPE_LOOP             = 108
	LINKTYPE_LINUX_SLL        = 113
	LINKTYPE_LTALK            = 104
	LINKTYPE_PFLOG            = 117
	LINKTYPE_PRISM_HEADER     = 119
	LINKTYPE_IP_OVER_FC       = 122
	LINKTYPE_SUNATM           = 123
	LINKTYPE_IEEE802_11_RADIO = 127
	LINKTYPE_ARCNET_LINUX     = 129
	LINKTYPE_LINUX_IRDA       = 144
	LINKTYPE_LINUX_LAPD       = 177
)
View Source 
const (
	TCP_FIN = 1 << iota
	TCP_SYN
	TCP_RST
	TCP_PSH
	TCP_ACK
	TCP_URG
	TCP_ECE
	TCP_CWR
	TCP_NS
)

Variables

This section is empty.

Functions

func DatalinkValueToDescription 

func DatalinkValueToDescription(dlt int) string

func DatalinkValueToName 

func DatalinkValueToName(dlt int) string

func Version 

func Version() string

Types

type Arphdr 

type Arphdr struct {
	Addrtype          uint16
	Protocol          uint16
	HwAddressSize     uint8
	ProtAddressSize   uint8
	Operation         uint16
	SourceHwAddress   []byte
	SourceProtAddress []byte
	DestHwAddress     []byte
	DestProtAddress   []byte
}

Arphdr is a ARP packet header.

func (*Arphdr) String 

func (arp *Arphdr) String() (s string)

type FileHeader 

type FileHeader struct {
	MagicNumber  uint32
	VersionMajor uint16
	VersionMinor uint16
	TimeZone     int32
	SigFigs      uint32
	SnapLen      uint32
	Network      uint32
}

FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat

type IFAddress 

type IFAddress struct {
	IP      net.IP
	Netmask net.IPMask
}

type Icmphdr 

type Icmphdr struct {
	Type     uint8
	Code     uint8
	Checksum uint16
	Id       uint16
	Seq      uint16
	Data     []byte
}

func (*Icmphdr) String 

func (icmp *Icmphdr) String(hdr addrHdr) string

func (*Icmphdr) TypeString 

func (icmp *Icmphdr) TypeString() (result string)

type Interface 

type Interface struct {
	Name        string
	Description string
	Addresses   []IFAddress
}

func Findalldevs 

func Findalldevs() (ifs []Interface, err error)

type Ip6hdr 

type Ip6hdr struct {
	// http://www.networksorcery.com/enp/protocol/ipv6.htm
	Version      uint8  // 4 bits
	TrafficClass uint8  // 8 bits
	FlowLabel    uint32 // 20 bits
	Length       uint16 // 16 bits
	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
	HopLimit     uint8  // 8 bits
	SrcIp        []byte // 16 bytes
	DestIp       []byte // 16 bytes
}

func (*Ip6hdr) DestAddr 

func (ip6 *Ip6hdr) DestAddr() string

func (*Ip6hdr) Len 

func (ip6 *Ip6hdr) Len() int

func (*Ip6hdr) SrcAddr 

func (ip6 *Ip6hdr) SrcAddr() string

type Iphdr 

type Iphdr struct {
	Version    uint8
	Ihl        uint8
	Tos        uint8
	Length     uint16
	Id         uint16
	Flags      uint8
	FragOffset uint16
	Ttl        uint8
	Protocol   uint8
	Checksum   uint16
	SrcIp      []byte
	DestIp     []byte
}

IPadr is the header of an IP packet.

func (*Iphdr) DestAddr 

func (ip *Iphdr) DestAddr() string

func (*Iphdr) Len 

func (ip *Iphdr) Len() int

func (*Iphdr) SrcAddr 

func (ip *Iphdr) SrcAddr() string

type Packet 

type Packet struct {
	Time   time.Time // packet send/receive time
	Caplen uint32    // bytes stored in the file (caplen <= len)
	Len    uint32    // bytes sent/received
	Data   []byte    // packet data

	Type    int // protocol type, see LINKTYPE_*
	DestMac uint64
	SrcMac  uint64

	Headers []interface{} // decoded headers, in order
	Payload []byte        // remaining non-header bytes

	IP  *Iphdr  // IP header (for IP packets, after decoding)
	TCP *Tcphdr // TCP header (for TCP packets, after decoding)
	UDP *Udphdr // UDP header (for UDP packets after decoding)
}

Packet is a single packet parsed from a pcap file.

Convenient access to IP, TCP, and UDP headers is provided after Decode() is called if the packet is of the appropriate type.

func (*Packet) Decode 

func (p *Packet) Decode()

Decode decodes the headers of a Packet.

func (*Packet) String 

func (p *Packet) String() string

String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.

type PacketTime 

type PacketTime struct {
	Sec  int32
	Usec int32
}

func (*PacketTime) Time 

func (p *PacketTime) Time() time.Time

Convert the PacketTime to a go Time struct.

type Pcap 

type Pcap struct {
	// contains filtered or unexported fields
}

func Openlive 

func Openlive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)

Openlive opens a device and returns a *Pcap handler

func Openoffline 

func Openoffline(file string) (handle *Pcap, err error)

func (*Pcap) Close 

func (p *Pcap) Close()
func (p *Pcap) Datalink() int

func (*Pcap) Geterror 

func (p *Pcap) Geterror() error

func (*Pcap) Getstats 

func (p *Pcap) Getstats() (stat *Stat, err error)

func (*Pcap) Inject 

func (p *Pcap) Inject(data []byte) (err error)

func (*Pcap) Next 

func (p *Pcap) Next() (pkt *Packet)

func (*Pcap) NextEx 

func (p *Pcap) NextEx() (pkt *Packet, result int32)
func (p *Pcap) Setdatalink(dlt int) error

func (*Pcap) Setfilter 

func (p *Pcap) Setfilter(expr string) (err error)

type Reader 

type Reader struct {
	Header FileHeader
	// contains filtered or unexported fields
}

Reader parses pcap files.

func NewReader 

func NewReader(reader io.Reader) (*Reader, error)

NewReader reads pcap data from an io.Reader.

func (*Reader) Next 

func (r *Reader) Next() *Packet

Next returns the next packet or nil if no more packets can be read.

type Stat 

type Stat struct {
	PacketsReceived  uint32
	PacketsDropped   uint32
	PacketsIfDropped uint32
}

type Tcphdr 

type Tcphdr struct {
	SrcPort    uint16
	DestPort   uint16
	Seq        uint32
	Ack        uint32
	DataOffset uint8
	Flags      uint16
	Window     uint16
	Checksum   uint16
	Urgent     uint16
	Data       []byte
}

func (*Tcphdr) FlagsString 

func (tcp *Tcphdr) FlagsString() string

func (*Tcphdr) String 

func (tcp *Tcphdr) String(hdr addrHdr) string

type Udphdr 

type Udphdr struct {
	SrcPort  uint16
	DestPort uint16
	Length   uint16
	Checksum uint16
}

func (*Udphdr) String 

func (udp *Udphdr) String(hdr addrHdr) string

type Vlanhdr 

type Vlanhdr struct {
	Priority       byte
	DropEligible   bool
	VlanIdentifier int
	Type           int // Not actually part of the vlan header, but the type of the actual packet
}

func (*Vlanhdr) String 

func (v *Vlanhdr) String()

type Writer 

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes a pcap file.

func NewWriter 

func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error)

NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.

func (*Writer) Write 

func (w *Writer) Write(pkt *Packet) error

Writer writes a packet to the underlying writer.

Source Files

View all Source files

Directories

Path Synopsis
tools
benchmark command
pass command
pcaptest command
tcpdump command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.