README
¶
# PCAP This is a simple wrapper around libpcap for Go. Originally written by Andreas Krennmair <ak@synflood.at> and only minorly touched up by Mark Smith <mark@qq.is>. Please see the included pcaptest.go and tcpdump.go programs for instructions on how to use this library. Miek Gieben <miek@miek.nl> has created a more Go-like package and replaced functionality with standard functions from the standard library. The package has also been renamed to pcap. ## TODO * Could use some more documentation
Documentation
¶
Overview ¶
Package pcap is a wrapper around the pcap library.
Index ¶
- Constants
- func DatalinkValueToDescription(dlt int) string
- func DatalinkValueToName(dlt int) string
- func Version() string
- type ARPHdr
- type EthernetHdr
- type FileHeader
- type Fragment
- type ICMPHdr
- type ICMPv6Hdr
- type IFAddress
- type IP6Hdr
- type IPHdr
- type Interface
- type Packet
- type Pcap
- func (p *Pcap) Activate() error
- func (p *Pcap) Close()
- func (p *Pcap) Datalink() int
- func (p *Pcap) Geterror() error
- func (p *Pcap) Getstats() (*Stat, error)
- func (p *Pcap) Inject(data []byte) error
- func (p *Pcap) Next() (*Packet, uint64, int32)
- func (p *Pcap) NextEx() (*Packet, uint64, int32)
- func (p *Pcap) SetBufferSize(sz int32) error
- func (p *Pcap) SetDatalink(dlt int) error
- func (p *Pcap) SetFilter(expr string) error
- func (p *Pcap) SetPromisc(promisc bool) error
- func (p *Pcap) SetReadTimeout(toMs int32) error
- func (p *Pcap) SetSampling(rate float64)
- func (p *Pcap) SetSnapLen(s int32) error
- type Reader
- type Stat
- type TCPHdr
- type UDPHdr
- type Writer
Constants ¶
const ( TypeIP4 = 0x0800 TypeARP = 0x0806 TypeWakeOnLan = 0x0842 TypeIP6 = 0x86DD TypeEAPOL = 0x888E TypeLLDP = 0x88CC TypeHomePlug = 0x88E1 ARPHrdEther = 1 )
Type constants.
const ( TcpdumpMagic = 0xa1b2c3d4 KuznetsovTcpdumpMagic = 0xa1b2cd34 FmesqiutaTcpdumpMagic = 0xa1b234cd NsecTcpdumpMagic = 0xa1b23c4d )
Port from sf-pcap.c file.
const ( LinkTypeNull = C.DLT_NULL LinkTypeRaw = C.DLT_RAW LinkTypeEthernet = C.DLT_EN10MB // Ethernet (10Mb) LinkTypeLinuxCooked = C.DLT_LINUX_SLL // Linux cooked )
LinkType constants according to pcap-linktype(7). DLT* are the data link types. They can differ per platform. See http://www.tcpdump.org/linktypes.html
const ( TCPFIN = 1 << iota TCPSYN TCPRST TCPPSH TCPACK TCPURG TCPECE TCPCWR TCPNS )
TCP flags.
Variables ¶
This section is empty.
Functions ¶
func DatalinkValueToDescription ¶
DatalinkValueToDescription TODO
Types ¶
type ARPHdr ¶
type ARPHdr struct {
Addrtype uint16
Protocol uint16
HwAddressSize uint8
ProtAddressSize uint8
Operation uint16
SourceHwAddress []byte
SourceProtAddress []byte
DestHwAddress []byte
DestProtAddress []byte
PayloadLength int
}
ARPHdr is a ARP packet header.
type EthernetHdr ¶
type EthernetHdr struct {
Type int // (next)protocol type
DestMac [6]byte
SrcMac [6]byte
PayloadLength int
}
EthernetHdr is a ethernet like field.
type FileHeader ¶
type FileHeader struct {
MagicNumber uint32
VersionMajor uint16
VersionMinor uint16
TimeZone int32
SigFigs uint32
SnapLen uint32
// NOTE: 'Network' property has been changed to `linktype`
// Please see pcap/pcap.h header file.
// Network uint32
LinkType uint32
}
FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat
type ICMPHdr ¶
type ICMPHdr struct {
Type uint8
Code uint8
Checksum uint16
ID uint16
Seq uint16
PayloadLength int
}
ICMPHdr is the header of an ICMP packet.
type IP6Hdr ¶
type IP6Hdr struct {
// http://www.networksorcery.com/enp/protocol/ipv6.htm
Version uint8 // 4 bits
TrafficClass uint8 // 8 bits
FlowLabel uint32 // 20 bits
Length uint16 // 16 bits
NextHeader uint8 // 8 bits, similar to Protocol in IPHdr
HopLimit uint8 // 8 bits
SrcIP [16]byte // 16 bytes
DestIP [16]byte // 16 bytes
HasFragmented bool // Is an extended header
FragmentOffset uint16
PayloadLength int
}
IP6Hdr is the header of an IPv6 packet.
func (*IP6Hdr) Fragmented ¶
Fragmented returns if the packet was fragmented
type IPHdr ¶
type IPHdr struct {
Version uint8
Ihl uint8
Tos uint8
Length uint16
ID uint16
Flags uint8
FragmentOffset uint16
TTL uint8
Protocol uint8
Checksum uint16
SrcIP [4]byte
DestIP [4]byte
PayloadLength int
}
IPHdr is the header of an IPv4 packet.
func (*IPHdr) Fragmented ¶
Fragmented returns if the packet was fragmented
type Packet ¶
type Packet struct {
DatalinkType int // DLT_* type
// porting from 'pcap_pkthdr' struct
Time time.Time // packet send/receive time
Caplen uint32 // bytes stored in the file (caplen <= len)
Len uint32 // bytes sent/received
Data []byte // packet data
Headers []interface{} // decoded headers, in order
Payload []byte // remaining captured non-header bytes
}
Packet is a single packet parsed from a pcap file.
type Pcap ¶
type Pcap struct {
// contains filtered or unexported fields
}
Pcap wraps a pcap_t struct.
func OpenOffline ¶
OpenOffline provides a Pcap over a .pcap file.
func (*Pcap) Activate ¶
Activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.
func (*Pcap) SetBufferSize ¶
SetBufferSize sets buffer size (in bytes) on the activated handle.
func (*Pcap) SetPromisc ¶
SetPromisc sets promiscuous mode on the handle. It should be called before activation.
func (*Pcap) SetReadTimeout ¶
SetReadTimeout (milliseconds) that will be used on a capture handle when it is activated.
func (*Pcap) SetSampling ¶
SetSampling sets the sample rate of the handle. We perform sampling in the Go wrapper library, as efficiently as we can at that layer.
type Reader ¶
type Reader struct {
Header FileHeader
// contains filtered or unexported fields
}
Reader parses pcap files.
type TCPHdr ¶
type TCPHdr struct {
SrcPort uint16
DestPort uint16
Seq uint32
Ack uint32
DataOffset uint8
Flags uint16
Window uint16
Checksum uint16
Urgent uint16
PayloadLength int
}
TCPHdr is the header of a TCP packet.
type UDPHdr ¶
type UDPHdr struct {
SrcPort uint16
DestPort uint16
Length uint16
Checksum uint16
PayloadLength int
}
UDPHdr is the header of a UDP packet.
Source Files
Directories