Documentation
¶
Index ¶
- Constants
- Variables
- func GetHttpHeader(header http.Header) map[string]string
- func GetSipLayer(packet gopacket.Packet) *layers.SIP
- func GetUrlQueryParams(strUrl string) (url.Values, error)
- func ParseIpLayerWithGre(packet gopacket.Packet) *layers.IPv4
- func ParseTcpProtocol(tcp *layers.TCP) (srcPort int, dstPort int, protocol string)
- func ParseUdpProtocol(udp *layers.UDP) (srcPort int, dstPort int, protocol string)
- func ReadHttpBodyToString(r io.ReadCloser) string
- func ReadRequestFromApplicationLayer(payload []byte) (*http.Request, error)
- func ReadResponseFromApplicationLayer(payload []byte) (*http.Response, error)
- type AppLayer
- type FlowPacket
Constants ¶
const ( ProtocolNone = "None" ProtocolHttp = "http" ProtocolSip = "sip" ProtocolFtp = "ftp" ProtocolFtpData = "ftp-data" ProtocolTCP = "TCP" ProtocolUDP = "UDP" ProtocolARP = "ARP" ProtocolDNS = "DNS" ProtocolICMP = "ICMP" L3Version4 = "IPV4" L3Version6 = "IPV6" LayerPayload = "Payload" )
Variables ¶
var TcpPortNames = map[layers.TCPPort]string{
20: "ftp-data",
21: "ftp",
22: "ssh",
23: "telnet",
25: "smtp",
49: "tacacs",
65: "tacacs-ds",
80: "http",
101: "hostname",
109: "pop2",
110: "pop3",
115: "sftp",
118: "sqlserv",
123: "ntp",
137: "netbios-ns",
138: "netbios-dgm",
139: "netbios-ssn",
143: "imap",
156: "sqlsrv",
161: "snmp",
162: "snmptrap",
220: "imap3",
389: "ldap",
443: "https",
445: "microsoft-ds",
546: "dhcpv6-client",
547: "dhcpv6-server",
5060: "sip",
5070: "sip",
1433: "ms-sql-s",
1434: "ms-sql-m",
1521: "oracle",
3306: "mysql",
3389: "ms-wbt-server",
6379: "redis",
8080: "http-alt",
}
var UdpPortNames = map[layers.UDPPort]string{
7: "echo",
20: "ftp-data",
21: "ftp",
22: "ssh",
23: "telnet",
25: "smtp",
80: "http",
554: "rtsp",
5060: "sip",
5061: "sips",
5070: "sip",
3389: "ms-wbt-server",
}
Functions ¶
func GetHttpHeader ¶
GetHttpHeader @Description: get http header to map @param header http-header @return map[string]string
func GetSipLayer ¶
GetSipLayer @Description: get sipLayer, include udp and tcp @param packet gopacket @return layers.SIP sip layer
func GetUrlQueryParams ¶
GetUrlQueryParams @Description: convert http url parameters to map @param strUrl http url @return url.Values map format @return error
func ParseIpLayerWithGre ¶
ParseIpLayerWithGre @Description: parse get layer, which has two ipv4Layer @param packet @return *layers.IPv4
func ParseTcpProtocol ¶
ParseTcpProtocol @Description: parse tcp layer @param tcp tcp layer @return srcPort src-port @return dstPort dst-port @return protocol default protocol
func ParseUdpProtocol ¶
ParseUdpProtocol @Description: default String() method return 80(http), and default layers.UDPPortNames has too many names @param udp @return srcPort int @return dstPort int @return protocol string
func ReadHttpBodyToString ¶
func ReadHttpBodyToString(r io.ReadCloser) string
ReadHttpBody @Description: read http body to string @param r @return string
func ReadRequestFromApplicationLayer ¶ added in v0.1.21
ReadRequestFromApplicationLayer @Description: @param payload @return *http.Request @return error
Types ¶
type AppLayer ¶ added in v0.1.23
type AppLayer struct {
Protocol string `json:"Protocol"`
HttpType string `json:"HttpType"`
HttpStatus string `json:"HttpStatus"`
RequestUri string `json:"RequestUri"`
Body string `json:"Body"`
HttpHeaders map[string]string `json:"HttpHeaders"`
UserAgent string `json:"UserAgent"`
Command string `json:"Command"`
PassivePort int `json:"PassivePort"`
}
func ParseAppLayer ¶ added in v0.1.23
type FlowPacket ¶
type FlowPacket struct {
Seq uint64
SrcMac string `json:"SrcMac"`
SrcIp string `json:"SrcIp"`
SrcIpv6 string `json:"SrcIpv6"`
SrcPort int `json:"SrcPort"`
DstMac string `json:"DstMac"`
DstIp string `json:"DstIp"`
DstIpv6 string `json:"DstIpv6"`
DstPort int `json:"DstPort"`
MetaTimestamp int64
MetaCaptureLength int
MetaLength int
MetaInterfaceIndex int
MetaTruncated int
EtherType string `json:"EtherType"`
L3Version string `json:"L3Version"`
L4Protocol string `json:"L4Protocol"`
Protocol string `json:"Protocol"`
PacketData string `json:"PacketData"`
PacketLength int `json:"PacketLength"`
SampleTime int64 `json:"TimeReceived"`
SampleIp string `json:"SamplerIp"`
HttpType string `json:"HttpType"`
Command string `json:"Command"`
HttpHeaders map[string]string `json:"HttpHeaders"`
UserAgent string `json:"UserAgent"`
HttpStatus string `json:"HttpStatus"`
RequestUri string `json:"RequestUri"`
Body string `json:"body"`
PassivePort int `json:"PassivePort"`
}
FlowPacket @Description: flow packet
func ParsePacketDefault ¶
func ParsePacketDefault(packet gopacket.Packet) *FlowPacket
ParsePacketDefault @Description: parse gopacket to FlowPacket @param packet gopacket @return *FlowPacket default struct, save with pcap format
Source Files