Documentation
¶
Index ¶
- Constants
- Variables
- func DecryptApplicationData(encryptedText []byte, keyBlock *KeyBlock, clientSequence int) []byte
- func DecryptChacha20(header []byte, chipertext []byte, tlsConn *TLSv12Connection) []byte
- func EncryptChacha20(message []byte, tlsConn *TLSv12Connection) []byte
- func EncryptClientMessageForAlert(keyblock *KeyBlock, clientSequence int, plaintext []byte) ([]byte, int)
- func EstablishConnectionAndSendPayload(nwInterface string, dstIPAddr []byte, dstPort uint16, payload []byte) error
- func EstablishConnectionAndSendPayloadXxx(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, ...) error
- func EstablishConnectionAndSendPayloadXxxForIPv6(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv6 *IPv6, ...) error
- func EstablishTCPTLSv1_2AndSendPayload(ctx context.Context, fIpv4 *IPv4, fTcp *TCP, upperLayerData []byte) error
- func EstablishTCPTLSv1_2AndSendPayloadForIPv6(ctx context.Context, fIpv6 *IPv6, fTcp *TCP, upperLayerData []byte) error
- func EstablishTCPTLSv1_2AndSendPayloadForIPv6_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv6 *IPv6, ...) error
- func EstablishTCPTLSv1_2AndSendPayload_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, ...) error
- func EstablishTCPTLSv1_3AndSendPayload(ctx context.Context, fIpv4 *IPv4, fTcp *TCP, upperLayerData []byte) error
- func EstablishTCPTLSv1_3AndSendPayload_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, ...) error
- func ExecCommand(command string, args ...string) (string, error)
- func ExecIP(args ...string) (string, error)
- func ExecIPNeigh(args ...string) (string, error)
- func ExecIPRoute(args ...string) (string, error)
- func GetDefaultRouteIP() (string, error)
- func GetDefaultRouteMAC() (string, error)
- func IsDNSRequest(flags uint16) bool
- func IsDNSResponse(flags uint16) bool
- func NewTLSApplicationData(data []byte, keyblock *KeyBlock, clientSequence int) []byte
- func NewTLSClientKeyExchangeAndChangeCipherSpecAndFinished(clientHello *TLSClientHello, serverHello *TLSServerHello) (*TLSClientKeyExchange, *KeyBlock, int, []byte, []byte)
- func Options() []byte
- func OptionsOfAck() []byte
- func OptionsOfhttp() []byte
- func ParsedTLSToPassive(tcp *TCP, p *Passive)
- func SendEncryptedApplicationData(upperLayerData []byte, prevTCP *TCP, srcIPAddr uint32, dstIPAddr uint32, ...) error
- func SendTLSClientHello(nw *NetworkInterface, clientHello *TLSClientHello, srcPort, dstPort uint16, ...) error
- func SendTLSClientHelloForIPv6(nw *NetworkInterface, clientHello *TLSClientHello, srcPort, dstPort uint16, ...) error
- func SendUDP_QUIC_HTTP_Payload(ctx context.Context, fIpv4 *IPv4, fUdp *UDP, fQuic *QUIC, fHttp *HTTP) error
- func SendUDP_QUIC_HTTP_PayloadForIPv6(ctx context.Context, fIpv6 *IPv6, fUdp *UDP, fQuic *QUIC, fHttp *HTTP) error
- func StrHexToBytes(s string) ([]byte, error)
- func StrHexToBytes2(s string) ([]byte, error)
- func StrHexToBytes3(s string) (byte, error)
- func StrIPToBytes(s string) ([]byte, error)
- func StrIntToUint16(s string) (uint16, error)
- func UintTo2byte(data uint16) []byte
- func WriteHash(message []byte) []byte
- func WriteUint16(buf *bytes.Buffer, target uint16)
- func WriteUint32(buf *bytes.Buffer, target uint32)
- type ARP
- type Answer
- type Certificate
- type CertificateVerify
- type ChangeCipherSpecAndFinished
- type ChangeCipherSpecProtocol
- type ClientKeyExchange
- type DNS
- type ECDHEKeys
- type EncryptedHandshakeMessage
- type EthernetDot1QFields
- type EthernetFrame
- type EthernetHeader
- type Finished
- type FinishedMessage
- type ForVerifing
- type HTTP
- type HTTPResponse
- type HTTPResponseHeader
- type HardwareAddr
- type ICMP
- type IPv4
- type IPv6
- type InterfaceDevice
- type InterfaceDevices
- type KeyBlock
- type KeyBlockForTLSv13
- type Mss
- type NetworkInterface
- type NetworkInterfaceForTCP
- type NoOperation
- type Passive
- type QUIC
- type Queries
- type RSAEncryptedPreMasterSecret
- type SackPermitted
- type ServerHello
- type ServerHelloDone
- type TCP
- func NewTCPAck(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32) *TCP
- func NewTCPAckForPassiveData(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32, ...) *TCP
- func NewTCPFinAck(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32) *TCP
- func NewTCPSyn(srcPort, dstPort uint16) *TCP
- func NewTCPWithData(srcPort, dstPort uint16, data []byte, prevSequence uint32, ...) *TCP
- func ParsedTCP(payload []byte) *TCP
- type TCPConnection
- func (conn *TCPConnection) Close()
- func (conn *TCPConnection) EstablishedConnection()
- func (conn *TCPConnection) IsPassiveAck(tcp *TCP) bool
- func (conn *TCPConnection) IsPassiveFinAck(tcp *TCP) bool
- func (conn *TCPConnection) IsPassivePshAck(tcp *TCP) bool
- func (conn *TCPConnection) IsPassiveSynAckForHandshake(tcp *TCP) bool
- func (conn *TCPConnection) SetState(state TCPState)
- type TCPFlags
- type TCPState
- type TLSApplicationData
- type TLSChangeCipherSpecAndEncryptedHandshakeMessage
- type TLSClientHello
- type TLSClientKeyExchange
- type TLSEncryptedAlert
- type TLSExtension
- type TLSExtensions
- type TLSHandshakeProtocol
- type TLSRecordLayer
- type TLSServerHello
- type TLSServerHelloFor1_3
- type TLSv12Connection
- func (t *TLSv12Connection) Close()
- func (t *TLSv12Connection) EstablishedConnection()
- func (t *TLSv12Connection) IsEstablished() bool
- func (t *TLSv12Connection) IsPassiveChangeCipherSpecAndFinished(tcp *TCP) bool
- func (t *TLSv12Connection) IsPassiveServerHello(tcp *TCP) bool
- func (t *TLSv12Connection) IsSendApplicationData() bool
- func (t *TLSv12Connection) KeyscheduleToAppTraffic()
- func (t *TLSv12Connection) KeyscheduleToMasterSecret(sharedkey []byte)
- func (t *TLSv12Connection) SetState(s TLSv12State)
- func (t *TLSv12Connection) VerifingData() *ForVerifing
- type TLSv12State
- type Timestamps
- type UDP
- type WindowScale
Constants ¶
// ARP operation codes; presumably the values stored in ARP.Operation.
const (
	ARP_OPERATION_CODE_REQUEST = 0x0001
	ARP_OPERATION_CODE_REPLY   = 0x0002
)
// DNS QR flag values: bit 15 (the most significant bit) of a 16-bit flags word.
const (
	DNS_QR_REQUEST  = 0 << 15 // 0
	DNS_QR_RESPONSE = 1 << 15 // 1000 0000 0000 0000
)
See "QR" in https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.1. Related: under "Opcode" in https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5, inverse lookup is obsolete (IQuery (Inverse Query, OBSOLETE)).
// DNS query types.
const (
	DNS_QUERY_TYPE_A    = 0x0001 // 1
	DNS_QUERY_TYPE_AAAA = 0x001c // 28
)

// Well-known port numbers.
const (
	PORT_HTTP  = 0x0050 // 80
	PORT_HTTPS = 0x01bb // 443
)

// IPv4 protocol numbers, typed uint8.
const (
	IPv4_PROTO_ICMP uint8 = 0x01
	IPv4_PROTO_TCP  uint8 = 0x06
	IPv4_PROTO_UDP  uint8 = 0x11 // 17
)

// IPv6 Next Header values. TCP and UDP alias the IPv4 constants and so carry
// their uint8 type; ICMPv6 (0x3a = 58) is an untyped constant.
const (
	IPv6_NEXT_HEADER_TCP    = IPv4_PROTO_TCP
	IPv6_NEXT_HEADER_UDP    = IPv4_PROTO_UDP
	IPv6_NEXT_HEADER_ICMPv6 = 0x3a
)
TODO: IPv4 と同じものは、IPv4_PROTO_HOGE 使っていいかも
// NOTE(review): "THERNET" looks like a misspelling of "ETHERNET"; the exported
// name is left unchanged here because callers may depend on it.
const ARP_HARDWARE_TYPE_THERNET = 0x0001 // ARP hardware type 1 (Ethernet)
const ARP_PROTO_TYPE_IPv4 = 0x0800 // same value as ETHER_TYPE_IPv4

// presumably the program name run by ExecIP, ExecIPRoute and ExecIPNeigh — confirm.
// NOTE(review): a bare program name is normally resolved through PATH, so which
// binary runs depends on the process environment — verify how ExecCommand launches it.
const COMMAND_IP = "ip"
const COMPRESSION_METHOD_NULL = 0x00 // presumably the TLS "null" compression method — confirm
const (
	DNS_QUERY_CLASS_IN = 0x0001 // class IN
)
const ETHER_TYPE_ARP uint16 = 0x0806
const ETHER_TYPE_DOT1Q uint16 = 0x8100 // IEEE 802.1Q, VLAN-tag
const ETHER_TYPE_IPv4 uint16 = 0x0800
const ETHER_TYPE_IPv6 uint16 = 0x86dd
const (
	ICMP_TYPE_REQUEST = 0x08 // ICMP type 8 (echo request)
)

// NOTE(review): the usual Ethernet MTU of 1500 bytes already excludes the
// 14-byte Ethernet header, so this value is 14 bytes below that MTU — confirm
// that the subtraction is intended.
const IP_PAYLOAD_MAX_LENGTH = 1500 - 14 // = 1486 bytes (including the IP header; the 14 bytes are for the Ethernet header)
const PORT_DNS = 0x0035 // 53
// TLS record-layer content types.
const TLS_CONTENT_TYPE_ALERT = 0x15 // 21
const TLS_CONTENT_TYPE_APPLICATION_DATA = 0x17 // 23
const TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 0x14 // 20
const TLS_CONTENT_TYPE_HANDSHAKE = 0x16 // 22

// TLS handshake message types.
// NOTE(review): ChangeCipherSpec is a record content type rather than a
// handshake message type. This constant has the same value (0x14) as both
// TLS_HANDSHAKE_TYPE_FINISHED and TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC, so code
// that dispatches on it cannot tell those apart — confirm how it is used.
const TLS_HANDSHAKE_TYPE_CHANGE_CIPHER_SPEC = 0x14
const TLS_HANDSHAKE_TYPE_CLIENT_HELLO = 0x01
const TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 0x10 // 16
const TLS_HANDSHAKE_TYPE_FINISHED = 0x14 // 20
const TLS_HANDSHAKE_TYPE_SERVER_HELLO = 0x02
Variables ¶
// IPv4Protocols maps an IPv4 protocol number to its display name.
var IPv4Protocols = map[uint8]string{
	IPv4_PROTO_ICMP: "ICMP",
	IPv4_PROTO_TCP:  "TCP",
	IPv4_PROTO_UDP:  "UDP",
}

// NOTE(review): every value below is an exported, mutable package-level
// variable ([]byte). Any importing package can overwrite the contents, which
// would change the labels and wire values used from then on. If these are
// inputs to key derivation (the label strings suggest so — confirm), consider
// unexported values or accessor functions that return copies.

// "key expansion" and "master secret" are the TLS 1.2 PRF label strings.
// "Lable" is presumably a misspelling of "Label"; the exported names are kept.
var KeyLable = []byte("key expansion")
var MasterSecretLable = []byte("master secret")

// TLS extension type codes as two big-endian bytes (0x002b = 43, 0x0033 = 51).
var TLS_EXTENSION_SUPPORTED_VERSIONS = []byte{0x00, 0x2b}
var TLS_EXTENSION_TYPE_KEY_SHARE = []byte{0x0, 0x33}

// TLS protocol version bytes (major, minor).
var TLS_VERSION_1_0 = []byte{0x03, 0x01}
var TLS_VERSION_1_1 = []byte{0x03, 0x02}
var TLS_VERSION_1_2 = []byte{0x03, 0x03}
var TLS_VERSION_1_3 = []byte{0x03, 0x04}

// TLS 1.3 key-schedule label strings.
var TLSv13_ClientapTraffic = []byte(`c ap traffic`)
var TLSv13_ClienthsTraffic = []byte(`c hs traffic`)
var TLSv13_DerivedLabel = []byte(`derived`)
var TLSv13_FinishedLabel = []byte(`finished`)
var TLSv13_ServerapTraffic = []byte(`s ap traffic`)
var TLSv13_ServerhsTraffic = []byte(`s hs traffic`)
Functions ¶
func DecryptApplicationData ¶ added in v1.3.2
func DecryptChacha20 ¶ added in v1.4.0
func DecryptChacha20(header []byte, chipertext []byte, tlsConn *TLSv12Connection) []byte
こちらも拝借させてもらってる ref: https://github.com/sat0ken/go-tcpip/blob/7dd5085f8aa25747a6098cc7d8d8e336ec5fcadd/tls1_3.go#L88
func EncryptChacha20 ¶ added in v1.4.0
func EncryptChacha20(message []byte, tlsConn *TLSv12Connection) []byte
func EncryptClientMessageForAlert ¶ added in v1.3.2
func EncryptClientMessageForAlert(keyblock *KeyBlock, clientSequence int, plaintext []byte) ([]byte, int)
TODO: 上の encryptClientMessage と共通化を
func EstablishConnectionAndSendPayload ¶
func EstablishConnectionAndSendPayload(nwInterface string, dstIPAddr []byte, dstPort uint16, payload []byte) error
with tcp 3 way handshake
func EstablishConnectionAndSendPayloadXxx ¶ added in v0.0.3
func EstablishConnectionAndSendPayloadXxx(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, fTcp *TCP, upperLayerData []byte) error
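Do not log or print anything inside this function; the output would show up below the Monitor. To inspect the behaviour in detail, use the SendTCP3wayhandshake function in internal instead. TODO: return when the peer sends RST or RST/ACK.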
func EstablishConnectionAndSendPayloadXxxForIPv6 ¶ added in v1.1.0
func EstablishTCPTLSv1_2AndSendPayload ¶ added in v1.3.0
func EstablishTCPTLSv1_2AndSendPayloadForIPv6 ¶ added in v1.3.2
func EstablishTCPTLSv1_2AndSendPayloadForIPv6_CustomImpl ¶ added in v1.8.7
func EstablishTCPTLSv1_2AndSendPayloadForIPv6_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv6 *IPv6, fTcp *TCP, upperLayerData []byte) error
TCP 3way handshake と TLSv1.2 の handshake 後にリクエストする関数(IPv6用)
func EstablishTCPTLSv1_2AndSendPayload_CustomImpl ¶ added in v1.8.7
func EstablishTCPTLSv1_2AndSendPayload_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, fTcp *TCP, upperLayerData []byte) error
TCP 3way handshake と TLSv1.2 の handshake 後にリクエストする関数
func EstablishTCPTLSv1_3AndSendPayload ¶ added in v1.4.0
func EstablishTCPTLSv1_3AndSendPayload_CustomImpl ¶ added in v1.8.7
func EstablishTCPTLSv1_3AndSendPayload_CustomImpl(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, fTcp *TCP, upperLayerData []byte) error
TODO: make this callable from the Generator only after explaining there that it is experimental processing. This function sends the request after the TCP 3-way handshake and the TLSv1.3 handshake.
func ExecIPNeigh ¶
func ExecIPRoute ¶
func GetDefaultRouteIP ¶
func IsDNSRequest ¶ added in v1.0.8
func IsDNSResponse ¶ added in v1.0.8
func NewTLSApplicationData ¶ added in v1.0.3
func NewTLSClientKeyExchangeAndChangeCipherSpecAndFinished ¶ added in v1.0.3
func NewTLSClientKeyExchangeAndChangeCipherSpecAndFinished(clientHello *TLSClientHello, serverHello *TLSServerHello) (*TLSClientKeyExchange, *KeyBlock, int, []byte, []byte)
func OptionsOfhttp ¶
func OptionsOfhttp() []byte
Based on looking at the TCP options sent with an HTTP GET request. https://atmarkit.itmedia.co.jp/ait/articles/0401/29/news080_2.html "Options" field: variable length, in units of 32 bits.
func ParsedTLSToPassive ¶ added in v1.3.0
func SendEncryptedApplicationData ¶ added in v1.4.0
func SendEncryptedApplicationData(upperLayerData []byte, prevTCP *TCP, srcIPAddr uint32, dstIPAddr uint32, dstMACAddr HardwareAddr, srcMACAddr HardwareAddr, fEthrh *EthernetHeader, nw *NetworkInterface, tlsConn *TLSv12Connection, tcpConn *TCPConnection) error
func SendTLSClientHello ¶ added in v1.3.0
func SendTLSClientHello(nw *NetworkInterface, clientHello *TLSClientHello, srcPort, dstPort uint16, srcIPAddr uint32, dstIPAddr uint32, firsthopMACAddr [6]byte, prevSequence uint32, prevAcknowledgment uint32) error
func SendTLSClientHelloForIPv6 ¶ added in v1.3.2
func SendTLSClientHelloForIPv6(nw *NetworkInterface, clientHello *TLSClientHello, srcPort, dstPort uint16, srcIPAddr []uint8, dstIPAddr []uint8, firsthopMACAddr [6]byte, prevSequence uint32, prevAcknowledgment uint32) error
func SendUDP_QUIC_HTTP_Payload ¶ added in v1.8.8
func SendUDP_QUIC_HTTP_PayloadForIPv6 ¶ added in v1.8.8
func StrHexToBytes ¶ added in v1.0.0
TODO: rename or refactor
func StrHexToBytes2 ¶ added in v1.0.0
TODO: rename or refactor
func StrHexToBytes3 ¶ added in v1.0.0
TODO: rename or refactor
func StrIPToBytes ¶ added in v1.0.0
stringのIPv4アドレスをbytesに変換
func StrIntToUint16 ¶ added in v1.0.0
func UintTo2byte ¶ added in v1.4.0
func WriteUint16 ¶
func WriteUint32 ¶
Types ¶
type ARP ¶
// ARP holds the fields of an ARP packet.
type ARP struct {
	HardwareType       uint16
	ProtocolType       uint16
	HardwareAddrLength uint8
	ProtocolLength     uint8
	Operation          uint16 // presumably ARP_OPERATION_CODE_REQUEST or ARP_OPERATION_CODE_REPLY
	SenderHardwareAddr HardwareAddr
	SenderIPAddr       uint32 // IPv4 address packed into 32 bits; byte order is not visible here
	TargetHardwareAddr HardwareAddr
	TargetIPAddr       uint32
}
https://ja.wikipedia.org/wiki/Address_Resolution_Protocol#%E3%83%91%E3%82%B1%E3%83%83%E3%83%88%E6%A7%8B%E9%80%A0 https://beginners-network.com/supplement/arp_packet_format.html
func NewARPReply ¶ added in v1.0.0
func NewARPReply(sMACAdder HardwareAddr, sIPAddr uint32, tMACAddr HardwareAddr, tIPAddr uint32) *ARP
func NewARPRequest ¶ added in v1.0.0
func NewARPRequest(sMACAdder HardwareAddr, sIPAddr uint32, tMACAddr HardwareAddr, tIPAddr uint32) *ARP
type Certificate ¶ added in v1.0.3
// Certificate holds the raw pieces of a TLS Certificate handshake message.
//
// NOTE(review): what Validate checks (chain, hostname, validity period) is not
// visible on this page — confirm before relying on the key returned by
// ServerPublicKey. ServerPublicKey returns *rsa.PublicKey, so non-RSA server
// certificates presumably cannot be represented.
type Certificate struct {
	RecordLayer        *TLSRecordLayer
	HandshakeProtocol  *TLSHandshakeProtocol
	CertificatesLength []byte
	Certificates       []byte // TODO: there were further fields in here
	// contains filtered or unexported fields
}
func (*Certificate) Bytes ¶ added in v1.0.3
func (c *Certificate) Bytes() []byte
func (*Certificate) ServerPublicKey ¶ added in v1.0.3
func (c *Certificate) ServerPublicKey() *rsa.PublicKey
func (*Certificate) Validate ¶ added in v1.0.3
func (c *Certificate) Validate() error
ref: https://zenn.dev/satoken/articles/golang-tls1_2#serverhello%2C-certificate%2C-serverhellodone
type CertificateVerify ¶ added in v1.4.0
// CertificateVerify holds the fields of a CertificateVerify handshake message.
// Its VerifyServerCertificate method takes an *rsa.PublicKey, so only RSA
// server keys fit that signature.
type CertificateVerify struct {
	HandshakeType           byte
	Length                  []byte
	SignatureHashAlgorithms []byte
	SignatureLength         []byte
	Signature               []byte
}
func (*CertificateVerify) VerifyServerCertificate ¶ added in v1.4.0
func (c *CertificateVerify) VerifyServerCertificate(pubkey *rsa.PublicKey, handshake_messages []byte) error
ref: https://github.com/sat0ken/go-tcpip/blob/7dd5085f8aa25747a6098cc7d8d8e336ec5fcadd/tls1_3.go#L285
type ChangeCipherSpecAndFinished ¶ added in v1.0.3
// ChangeCipherSpecAndFinished pairs a ChangeCipherSpec record with a Finished record.
type ChangeCipherSpecAndFinished struct {
	ChangeCipherSpecProtocol *ChangeCipherSpecProtocol
	Finished                 *Finished
}
func ParsedTLSChangeCipherSpecAndFinished ¶ added in v1.0.3
func ParsedTLSChangeCipherSpecAndFinished(b []byte, keyblock *KeyBlock, clientSequenceNum int, verifyingData *ForVerifing) *ChangeCipherSpecAndFinished
これは、自作 tls handshake 用で、Monitor に表示するためのものではない
type ChangeCipherSpecProtocol ¶ added in v1.0.3
// ChangeCipherSpecProtocol is a TLS record header plus the ChangeCipherSpec message bytes.
type ChangeCipherSpecProtocol struct {
	RecordLayer             *TLSRecordLayer
	ChangeCipherSpecMessage []byte
}
func ParsedChangeCipherSpec ¶ added in v1.4.0
func ParsedChangeCipherSpec(b []byte) (*ChangeCipherSpecProtocol, int)
func (*ChangeCipherSpecProtocol) Bytes ¶ added in v1.0.3
func (cc *ChangeCipherSpecProtocol) Bytes() []byte
type ClientKeyExchange ¶ added in v1.0.3
// ClientKeyExchange holds a ClientKeyExchange handshake message whose payload
// is an RSA-encrypted pre-master secret.
type ClientKeyExchange struct {
	RecordLayer                 *TLSRecordLayer
	HandshakeProtocol           *TLSHandshakeProtocol
	RSAEncryptedPreMasterSecret *RSAEncryptedPreMasterSecret
}
func (*ClientKeyExchange) Bytes ¶ added in v1.0.3
func (c *ClientKeyExchange) Bytes() []byte
type DNS ¶
// DNS holds the header counters, query and answers of a DNS message.
type DNS struct {
	TransactionID uint16
	Flags         uint16 // TODO: individual bits carry meaning here, so this should become a struct
	Questions     uint16
	AnswerRRs     uint16
	AuthorityRRs  uint16
	AdditionalRRs uint16
	Queries       *Queries
	Answers       []*Answer
}
https://atmarkit.itmedia.co.jp/ait/articles/1601/29/news014.html 上記とパケットキャプチャ見てイメージがつく、domain
func ParsedDNSRequest ¶
func ParsedDNSResponse ¶
func (*DNS) BytesForTCP ¶ added in v1.8.15
TCPでDNSクエリを投げるときは、DNSクエリ長を先頭につけるため
type EncryptedHandshakeMessage ¶ added in v1.0.3
// EncryptedHandshakeMessage is a TLS record header plus the still-encrypted handshake bytes.
type EncryptedHandshakeMessage struct {
	RecordLayer                *TLSRecordLayer
	EncryptedHandshakeMessage_ []byte
}
func (*EncryptedHandshakeMessage) Bytes ¶ added in v1.0.3
func (e *EncryptedHandshakeMessage) Bytes() []byte
type EthernetDot1QFields ¶ added in v1.8.16
type EthernetFrame ¶
// EthernetFrame is an Ethernet header followed by its payload bytes.
type EthernetFrame struct {
	Header *EthernetHeader
	Data   []byte
}
func NewEthernetFrame ¶
func NewEthernetFrame(dst HardwareAddr, src HardwareAddr, typ uint16, payload []byte) *EthernetFrame
func ParsedEthernetFrame ¶
func ParsedEthernetFrame(b []byte) *EthernetFrame
func (*EthernetFrame) Bytes ¶
func (ef *EthernetFrame) Bytes() []byte
type EthernetHeader ¶
// EthernetHeader holds the destination and source addresses, the type field
// and optional 802.1Q fields of an Ethernet header.
type EthernetHeader struct {
	Dst        HardwareAddr
	Src        HardwareAddr
	Typ        uint16               // presumably one of the ETHER_TYPE_* constants
	Dot1QFiels *EthernetDot1QFields // "Fiels" is presumably a misspelling of "Fields"; name kept
}
type Finished ¶ added in v1.0.3
// Finished is a TLS record header plus the raw, still-encrypted Finished bytes.
type Finished struct {
	RecordLayer  *TLSRecordLayer
	RawEncrypted []byte
}
type FinishedMessage ¶ added in v1.4.0
func (*FinishedMessage) Bytes ¶ added in v1.4.0
func (f *FinishedMessage) Bytes() []byte
type ForVerifing ¶ added in v1.0.3
// ForVerifing bundles handshake data; the name suggests it is the input for
// verifying a Finished message — confirm. ("Verifing" is presumably a
// misspelling of "Verifying"; the exported name is kept.)
//
// NOTE(review): Master presumably holds the TLS master secret. It is an
// exported field, so callers should avoid logging or dumping this struct.
type ForVerifing struct {
	Master            []byte
	ClientHello       *TLSClientHello
	ServerHello       *TLSServerHello
	ClientKeyExchange *ClientKeyExchange
	ClientFinished    []byte // the value before encryption
}
type HTTP ¶
// HTTP holds the parts of an HTTP request as plain strings.
type HTTP struct {
	Method        string
	Uri           string
	Version       string
	Host          string
	UserAgent     string
	Accept        string
	ContentLength string // kept as text, not parsed to a number
	Body          string
}
func ParsedHTTPRequest ¶
type HTTPResponse ¶
// HTTPResponse holds the status line, header and body of an HTTP response.
type HTTPResponse struct {
	StatusLine string
	Header     *HTTPResponseHeader
	Body       []byte
	// contains filtered or unexported fields
}
func ParsedHTTPResponse ¶
func ParsedHTTPResponse(payload []byte) *HTTPResponse
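TODO: this area is probably buggy: the hexadecimal dump of the HTTP response shown in Monitor differs from what Wireshark shows. TODO: this sometimes panics. (If payload comes from received packets, as the name suggests, a panic here can be triggered by the remote side, so it is worth bounds-checking the input.)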
func (*HTTPResponse) Bytes ¶ added in v1.0.7
func (hr *HTTPResponse) Bytes() []byte
func (*HTTPResponse) Len ¶ added in v0.0.3
func (h *HTTPResponse) Len() int
type HTTPResponseHeader ¶ added in v0.0.3
func (*HTTPResponseHeader) Bytes ¶ added in v1.0.7
func (hrh *HTTPResponseHeader) Bytes() []byte
type HardwareAddr ¶
// HardwareAddr is a 6-byte hardware (MAC) address.
type HardwareAddr [6]uint8
func (*HardwareAddr) String ¶ added in v1.0.0
func (h *HardwareAddr) String() string
type ICMP ¶
// ICMP holds the header fields and data of an ICMP message.
type ICMP struct {
	Typ        uint8
	Code       uint8
	Checksum   uint16 // presumably filled in by CalculateChecksum — confirm
	Identifier uint16
	Sequence   uint16
	Data       []byte
}
https://www.infraexpert.com/study/tcpip4.html https://inc0x0.com/icmp-ip-packets-ping-manually-create-and-send-icmp-ip-packets/
func ParsedICMP ¶
func (*ICMP) CalculateChecksum ¶
func (i *ICMP) CalculateChecksum()
copy from https://cs.opensource.google/go/x/net/+/master:icmp/message.go
func (*ICMP) TimestampForTypeTimestampRequest ¶ added in v1.8.14
Apparently needed for ICMP timestamp requests. On Linux, `sudo hping3 1.1.1.1 --icmp --icmptype 13` lets you observe a timestamp-request packet.
type IPv4 ¶
// IPv4 holds the fields of an IPv4 header followed by the payload. Fields
// narrower than their Go type note the on-wire width in the trailing comment.
type IPv4 struct {
	Version        uint8  // 4bit
	Ihl            uint8  // 4bit. header length
	Tos            uint8  // 8bit. type of service
	TotalLength    uint16 // 16bit. total length
	Identification uint16 // 16bit
	Flags          uint8  // 3bit
	FragmentOffset uint16 // 13bit
	Ttl            uint8  // 8bit
	Protocol       uint8  // 8bit
	HeaderChecksum uint16 // 16bit
	SrcAddr        uint32 // 32bit
	DstAddr        uint32 // 32bit
	Options        []uint8
	Padding        []uint8
	Data           []byte
}
https://www.infraexpert.com/study/tcpip1.html
func ParsedIPv4 ¶
func (*IPv4) CalculateTotalLength ¶
func (i *IPv4) CalculateTotalLength()
func (*IPv4) StrDstIPAddr ¶ added in v1.0.0
func (*IPv4) StrSrcIPAddr ¶ added in v1.0.0
type IPv6 ¶ added in v0.0.2
// IPv6 holds the fields of an IPv6 header followed by the payload.
type IPv6 struct {
	Version       uint8 // 4bit
	TrafficClass  uint8
	FlowLabel     uint32 // 20bit
	PayloadLength uint16
	NextHeader    uint8
	HopLimit      uint8
	SrcAddr       []uint8 // presumably 16 bytes; the slice type does not enforce the length
	DstAddr       []uint8 // presumably 16 bytes; the slice type does not enforce the length
	Option        []uint8
	Data          []byte
}
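rfc: https://datatracker.ietf.org/doc/html/rfc8200#page-6 https://atmarkit.itmedia.co.jp/ait/articles/1201/05/news113.html According to the latter, the first 4 bits of "TrafficClass" seem to hold the length up to the extension header (Option), but according to https://datatracker.ietf.org/doc/html/rfc8200#section-4 it seems that whether an extension header (Option) is present can be told from the kind of "NextHeader"? Incidentally, NextHeader appears to use the same values as the IPv4 Protocol field.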
func ParsedIPv6 ¶ added in v0.0.2
func (*IPv6) CalculatePayloadLength ¶ added in v1.8.13
func (i *IPv6) CalculatePayloadLength()
func (*IPv6) PseudoHeader ¶ added in v1.1.0
Used to compute the checksum of the upper layer. ref: https://datatracker.ietf.org/doc/html/rfc8200#section-8.1
func (*IPv6) StrDstIPAddr ¶ added in v1.0.0
func (*IPv6) StrSrcIPAddr ¶ added in v1.0.0
type InterfaceDevice ¶ added in v1.7.0
// InterfaceDevice describes one network interface as strings.
type InterfaceDevice struct {
	InterfaceName string
	DeviceName    string
	Description   string
	MacAddr       string
	IPAddrs       []string
}
net.Interfaces と pcap.FindAllDevs で取れる情報. Windows だとNameが違う
type InterfaceDevices ¶ added in v1.7.0
// InterfaceDevices is a list of InterfaceDevice pointers.
type InterfaceDevices []*InterfaceDevice
func NewInterfaceDevices ¶ added in v1.7.0
func NewInterfaceDevices() (InterfaceDevices, error)
type KeyBlockForTLSv13 ¶ added in v1.4.0
type NetworkInterface ¶
// NetworkInterface bundles a network interface with a socket and a channel of
// parsed packets.
//
// NOTE(review): SocketAddr is a link-layer socket address, which suggests a
// packet socket; opening one normally needs elevated privileges — confirm what
// NewNetworkInterface requires and run with the least privilege that works.
type NetworkInterface struct {
	Intf       *net.Interface
	Socket     int // file descriptor
	SocketAddr unix.SockaddrLinklayer
	IPAdder    uint32 // "Adder" is presumably a misspelling of "Addr"; name kept
	PassiveCh  chan *Passive
}
func NewNetworkInterface ¶
func NewNetworkInterface(nwInterface string) (*NetworkInterface, error)
func (*NetworkInterface) Close ¶
func (nw *NetworkInterface) Close() error
func (*NetworkInterface) Send ¶
func (nw *NetworkInterface) Send(ethernetFrame *EthernetFrame) error
type NetworkInterfaceForTCP ¶
// NetworkInterfaceForTCP wraps a single socket.
type NetworkInterfaceForTCP struct {
	Socket int // presumably a file descriptor, as in NetworkInterface — confirm
}
func NewNetworkInterfaceForTCP ¶
func NewNetworkInterfaceForTCP(nwInterface string) (*NetworkInterfaceForTCP, error)
func (*NetworkInterfaceForTCP) Close ¶
func (nwt *NetworkInterfaceForTCP) Close() error
func (*NetworkInterfaceForTCP) Connect ¶
func (nwt *NetworkInterfaceForTCP) Connect(dstIPAddr []byte, dstPort uint16) error
type NoOperation ¶
// NoOperation holds a single option kind byte; presumably the TCP
// No-Operation option — confirm.
type NoOperation struct {
	Kind uint8
}
type Passive ¶
// Passive collects one pointer per protocol layer or message kind. Presumably
// only the layers found in a given packet are non-nil, so readers should
// nil-check each field — confirm against ParsedPacket.
type Passive struct {
	HTTPRes                                         *HTTPResponse
	HTTP                                            *HTTP
	TLSClientHello                                  *TLSClientHello
	TLSServerHello                                  *TLSServerHello
	TLSServerHelloFor1_3                            *TLSServerHelloFor1_3 // TODO: would like to consolidate
	TLSClientKeyExchange                            *TLSClientKeyExchange
	TLSChangeCipherSpecAndEncryptedHandshakeMessage *TLSChangeCipherSpecAndEncryptedHandshakeMessage
	TLSApplicationData                              *TLSApplicationData
	TLSEncryptedAlert                               *TLSEncryptedAlert
	DNS                                             *DNS
	TCP                                             *TCP
	UDP                                             *UDP
	ICMP                                            *ICMP
	IPv4                                            *IPv4
	IPv6                                            *IPv6
	ARP                                             *ARP
	EthernetFrame                                   *EthernetFrame
}
func ParsedPacket ¶
func (*Passive) HighLayerProto ¶
type RSAEncryptedPreMasterSecret ¶ added in v1.0.3
// RSAEncryptedPreMasterSecret holds a length field and the encrypted
// pre-master secret bytes.
type RSAEncryptedPreMasterSecret struct {
	EncryptedPreMasterLength []byte
	EncryptedPreMaster       []byte
}
func (*RSAEncryptedPreMasterSecret) Bytes ¶ added in v1.0.3
func (r *RSAEncryptedPreMasterSecret) Bytes() []byte
type SackPermitted ¶
type ServerHello ¶ added in v1.0.3
// ServerHello is a TLS record header plus the ServerHello handshake fields.
type ServerHello struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
}
func ParsedTLSServerHelloOnly ¶ added in v1.4.0
func ParsedTLSServerHelloOnly(b []byte) (*ServerHello, int)
TLS1.2/1.3 共通
func (*ServerHello) Bytes ¶ added in v1.0.3
func (s *ServerHello) Bytes() []byte
type ServerHelloDone ¶ added in v1.0.3
// ServerHelloDone is a TLS record header plus the ServerHelloDone handshake fields.
type ServerHelloDone struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
}
func (*ServerHelloDone) Bytes ¶ added in v1.0.3
func (sd *ServerHelloDone) Bytes() []byte
type TCP ¶
// TCP holds the fields of a TCP header followed by the segment data.
type TCP struct {
	SrcPort        uint16
	DstPort        uint16
	Sequence       uint32
	Acknowledgment uint32
	// Data Offset (DOffset) (4 bits; TCP header length, a multiple of 32 bits)
	// and Reserved (Rsrvd) (4 bits; all 0)
	// ref: https://www.rfc-editor.org/rfc/rfc9293.html#section-3.1
	HeaderLength uint8
	// Control bits(8bit)
	// ref: https://www.rfc-editor.org/rfc/rfc9293.html#section-3.1-6.14.1
	Flags         TCPFlags
	Window        uint16
	Checksum      uint16
	UrgentPointer uint16
	Options       []byte // a helper function for setting options might be a good idea?
	Data          []byte
}
func NewTCPAckForPassiveData ¶ added in v0.0.3
func NewTCPAckForPassiveData(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32, tcpPayloadLength int) *TCP
tcpパケット連続で送るときは port 変えること
func NewTCPFinAck ¶ added in v0.0.3
tcpパケット連続で送るときは port 変えること
func NewTCPWithData ¶
func NewTCPWithData(srcPort, dstPort uint16, data []byte, prevSequence uint32, prevAcknowledgment uint32) *TCP
tcpパケット連続で送るときは port 変えること
func (*TCP) CalculateChecksum ¶ added in v0.0.3
https://atmarkit.itmedia.co.jp/ait/articles/0401/29/news080_2.html 「「チェックサム」フィールド:16bit幅」
func (*TCP) CalculateChecksumForIPv6 ¶ added in v1.1.0
type TCPConnection ¶ added in v1.3.2
// TCPConnection identifies a connection by its port pair; further state is
// held in unexported fields that are not shown here.
type TCPConnection struct {
	SrcPort uint16
	DstPort uint16
	// contains filtered or unexported fields
}
func NewTCPConnection ¶ added in v1.3.2
func NewTCPConnection(SrcPort uint16, DstPort uint16) *TCPConnection
func (*TCPConnection) Close ¶ added in v1.3.2
func (conn *TCPConnection) Close()
func (*TCPConnection) EstablishedConnection ¶ added in v1.3.2
func (conn *TCPConnection) EstablishedConnection()
func (*TCPConnection) IsPassiveAck ¶ added in v1.3.2
func (conn *TCPConnection) IsPassiveAck(tcp *TCP) bool
func (*TCPConnection) IsPassiveFinAck ¶ added in v1.3.2
func (conn *TCPConnection) IsPassiveFinAck(tcp *TCP) bool
func (*TCPConnection) IsPassivePshAck ¶ added in v1.3.2
func (conn *TCPConnection) IsPassivePshAck(tcp *TCP) bool
func (*TCPConnection) IsPassiveSynAckForHandshake ¶ added in v1.3.2
func (conn *TCPConnection) IsPassiveSynAckForHandshake(tcp *TCP) bool
func (*TCPConnection) SetState ¶ added in v1.3.2
func (conn *TCPConnection) SetState(state TCPState)
type TCPState ¶ added in v1.3.2
// TCPState enumerates the connection states below, numbered from 0 via iota.
type TCPState int

const (
	TCP_STATE_INIT TCPState = iota
	TCP_STATE_3WAY_HANDSHAKE_SEND_SYN
	TCP_STATE_3WAY_HANDSHAKE_PASSIVE_SYNACK
	TCP_STATE_3WAY_HANDSHAKE_SEND_ACK // = established tcp connection
	TCP_STATE_PASSIVE_PSHACK          // = data received
	TCP_STATE_SEND_FINACK             // = want to close the tcp connection
	TCP_STATE_PASSIVE_FINACK
	TCP_STATE_SEND_ACK
)
type TLSApplicationData ¶ added in v1.0.3
// TLSApplicationData is a TLS record header plus the encrypted application data bytes.
type TLSApplicationData struct {
	RecordLayer              *TLSRecordLayer
	EncryptedApplicationData []byte
}
func ParsedTLSApplicationData ¶ added in v1.3.0
func ParsedTLSApplicationData(b []byte) *TLSApplicationData
func (*TLSApplicationData) Bytes ¶ added in v1.0.3
func (a *TLSApplicationData) Bytes() []byte
type TLSChangeCipherSpecAndEncryptedHandshakeMessage ¶ added in v1.3.0
// TLSChangeCipherSpecAndEncryptedHandshakeMessage pairs a ChangeCipherSpec
// record with an encrypted handshake message record.
type TLSChangeCipherSpecAndEncryptedHandshakeMessage struct {
	ChangeCipherSpecProtocol  *ChangeCipherSpecProtocol
	EncryptedHandshakeMessage *EncryptedHandshakeMessage
}
サーバから来る
func ParsedTLSChangeCipherSpecAndEncryptedHandshakeMessage ¶ added in v1.3.0
func ParsedTLSChangeCipherSpecAndEncryptedHandshakeMessage(b []byte) *TLSChangeCipherSpecAndEncryptedHandshakeMessage
これは、Monitor 表示用に、受信したものをただパースする関数
func (*TLSChangeCipherSpecAndEncryptedHandshakeMessage) Bytes ¶ added in v1.3.0
func (t *TLSChangeCipherSpecAndEncryptedHandshakeMessage) Bytes() []byte
type TLSClientHello ¶ added in v1.0.3
// TLSClientHello is a TLS record header plus the ClientHello handshake fields.
type TLSClientHello struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
	// TODO: it is odd for this to live in this struct; it was placed here only
	// to keep the implementation simple for now. Needs refactoring.
	// NOTE(review): if ECDHEKeys includes the private key (its definition is
	// not shown here), it travels with every copy of the ClientHello — confirm.
	ECDHEKeys *ECDHEKeys
}
func NewTLSClientHello ¶ added in v1.0.3
func NewTLSClientHello(tlsVersion []byte, cipherSuites ...uint16) *TLSClientHello
TODO: tls1.3 用のと汎用的に
func ParsedTLSClientHello ¶ added in v1.3.0
func ParsedTLSClientHello(b []byte) *TLSClientHello
func (*TLSClientHello) Bytes ¶ added in v1.0.3
func (tch *TLSClientHello) Bytes() []byte
type TLSClientKeyExchange ¶ added in v1.0.3
// TLSClientKeyExchange groups a ClientKeyExchange, a ChangeCipherSpec record
// and the encrypted handshake message bytes.
type TLSClientKeyExchange struct {
	ClientKeyExchange         *ClientKeyExchange
	ChangeCipherSpecProtocol  *ChangeCipherSpecProtocol
	EncryptedHandshakeMessage []byte
}
func ParsedTLSClientKeyexchange ¶ added in v1.3.0
func ParsedTLSClientKeyexchange(b []byte) *TLSClientKeyExchange
func (*TLSClientKeyExchange) Bytes ¶ added in v1.0.3
func (tlsclientkeyexchange *TLSClientKeyExchange) Bytes() []byte
type TLSEncryptedAlert ¶ added in v1.3.0
// TLSEncryptedAlert is a TLS record header plus the alert message bytes.
type TLSEncryptedAlert struct {
	RecordLayer  *TLSRecordLayer
	AlertMessage []byte
}
func ParsedTLSEncryptedAlert ¶ added in v1.3.0
func ParsedTLSEncryptedAlert(b []byte) *TLSEncryptedAlert
func (*TLSEncryptedAlert) Bytes ¶ added in v1.3.0
func (t *TLSEncryptedAlert) Bytes() []byte
type TLSExtension ¶ added in v1.4.0
func (*TLSExtension) Bytes ¶ added in v1.4.0
func (e *TLSExtension) Bytes() []byte
func (*TLSExtension) IsTLS13 ¶ added in v1.4.0
func (e *TLSExtension) IsTLS13() bool
type TLSExtensions ¶ added in v1.4.0
// TLSExtensions is a list of TLSExtension pointers.
type TLSExtensions []*TLSExtension
func ParsedTLSExtensions ¶ added in v1.4.0
func ParsedTLSExtensions(extensionsLength int, b []byte) TLSExtensions
func (TLSExtensions) Bytes ¶ added in v1.4.0
func (es TLSExtensions) Bytes() []byte
type TLSHandshakeProtocol ¶ added in v1.0.3
// TLSHandshakeProtocol holds the fields of a hello-style handshake message.
// Length fields are kept as raw bytes next to the data they describe, so the
// type itself does not guarantee that they agree.
type TLSHandshakeProtocol struct {
	HandshakeType            []byte
	Length                   []byte
	Version                  []byte
	Random                   []byte
	SessionIDLength          []byte
	SessionID                []byte
	CipherSuitesLength       []byte
	CipherSuites             []uint16 // ref: https://tls12.xargs.org/#client-hello/annotated [Ciper Suites]
	CompressionMethodsLength []byte
	CompressionMethods       []byte
	ExtensionsLength         []byte
	Extentions               TLSExtensions // "Extentions" is presumably a misspelling of "Extensions"; name kept
}
func (*TLSHandshakeProtocol) Bytes ¶ added in v1.0.3
func (p *TLSHandshakeProtocol) Bytes(isFromServer bool) []byte
type TLSRecordLayer ¶ added in v1.0.3
ref: https://tls12.xargs.org/#client-hello/annotated 以降のstructのフィールドはWiresharkを見つつ補完
func (*TLSRecordLayer) Bytes ¶ added in v1.0.3
func (l *TLSRecordLayer) Bytes() []byte
type TLSServerHello ¶ added in v1.0.3
// TLSServerHello groups the ServerHello, Certificate and ServerHelloDone messages.
type TLSServerHello struct {
	ServerHello     *ServerHello
	Certificate     *Certificate
	ServerHelloDone *ServerHelloDone
}
func ParsedTLSServerHello ¶ added in v1.0.3
func ParsedTLSServerHello(b []byte) *TLSServerHello
tls1.2用
func (*TLSServerHello) Bytes ¶ added in v1.0.3
func (tlsserverhello *TLSServerHello) Bytes() []byte
type TLSServerHelloFor1_3 ¶ added in v1.4.0
// TLSServerHelloFor1_3 groups a ServerHello, a ChangeCipherSpec record and the
// application-data records that accompany it.
type TLSServerHelloFor1_3 struct {
	ServerHello              *ServerHello
	ChangeCipherSpecProtocol *ChangeCipherSpecProtocol
	ApplicationDataProtocols []*TLSApplicationData
}
func ParsedTLSServerHelloFor1_3 ¶ added in v1.4.0
func ParsedTLSServerHelloFor1_3(b []byte) *TLSServerHelloFor1_3
tls1.3用
func (*TLSServerHelloFor1_3) Bytes ¶ added in v1.4.0
func (t *TLSServerHelloFor1_3) Bytes() []byte
func (*TLSServerHelloFor1_3) GetServerKeyShare ¶ added in v1.4.0
func (t *TLSServerHelloFor1_3) GetServerKeyShare() []byte
type TLSv12Connection ¶ added in v1.3.2
// TLSv12Connection holds the handshake messages, key material and sequence
// counters of one TLS connection. NewTLSv13Connection also returns this type.
//
// NOTE(review): Master, KeyBlock, ECDHEKeys and KeyBlockForTLSv13 presumably
// hold secret key material and are exported fields; avoid logging or dumping
// this struct. Whether Close clears them is not visible here — confirm.
type TLSv12Connection struct {
	TLSClientHello       *TLSClientHello
	TLSServerHello       *TLSServerHello
	TLSClientKeyExchange *TLSClientKeyExchange
	TLSClientFinished    []byte
	KeyBlock             *KeyBlock
	ClientSequence       int
	Master               []byte
	// The fields below were added for the TLSv1.3 implementation.
	ECDHEKeys            *ECDHEKeys
	KeyBlockForTLSv13    *KeyBlockForTLSv13
	TLSServerHelloFor1_3 *TLSServerHelloFor1_3
	ServerHandshakeSeq   int
	ServerAppSeq         int
	ClientHandshakeSeq   int
	ClientAppSeq         int
	// contains filtered or unexported fields
}
func NewTLSv12Connection ¶ added in v1.3.2
func NewTLSv12Connection() *TLSv12Connection
func NewTLSv13Connection ¶ added in v1.4.0
func NewTLSv13Connection() *TLSv12Connection
TODO: 1.3用のstructを?
func (*TLSv12Connection) Close ¶ added in v1.3.2
func (t *TLSv12Connection) Close()
func (*TLSv12Connection) EstablishedConnection ¶ added in v1.3.2
func (t *TLSv12Connection) EstablishedConnection()
func (*TLSv12Connection) IsEstablished ¶ added in v1.3.2
func (t *TLSv12Connection) IsEstablished() bool
func (*TLSv12Connection) IsPassiveChangeCipherSpecAndFinished ¶ added in v1.3.2
func (t *TLSv12Connection) IsPassiveChangeCipherSpecAndFinished(tcp *TCP) bool
func (*TLSv12Connection) IsPassiveServerHello ¶ added in v1.3.2
func (t *TLSv12Connection) IsPassiveServerHello(tcp *TCP) bool
TODO: this also picks up messages other than ServerHello, so the check should be made precise.
func (*TLSv12Connection) IsSendApplicationData ¶ added in v1.3.2
func (t *TLSv12Connection) IsSendApplicationData() bool
func (*TLSv12Connection) KeyscheduleToAppTraffic ¶ added in v1.4.0
func (t *TLSv12Connection) KeyscheduleToAppTraffic()
こちらも
func (*TLSv12Connection) KeyscheduleToMasterSecret ¶ added in v1.4.0
func (t *TLSv12Connection) KeyscheduleToMasterSecret(sharedkey []byte)
Borrowed wholesale. Code: https://github.com/sat0ken/go-tcpip/blob/7dd5085f8aa25747a6098cc7d8d8e336ec5fcadd/tls1_3.go#L192 Article: https://zenn.dev/satoken/articles/golang-tls1_3#tls1.3%E3%81%AE%E9%8D%B5%E7%94%9F%E6%88%90%E3%81%AE%E6%B5%81%E3%82%8C TODO: it is odd for the receiver to be the TLSv1.2 type after all; either create one for v1.3 or rename it so it is shared.
func (*TLSv12Connection) SetState ¶ added in v1.3.2
func (t *TLSv12Connection) SetState(s TLSv12State)
func (*TLSv12Connection) VerifingData ¶ added in v1.3.2
func (t *TLSv12Connection) VerifingData() *ForVerifing
type TLSv12State ¶ added in v1.3.2
// TLSv12State enumerates the TLS connection states below, numbered from 0 via iota.
type TLSv12State int

const (
	TLSv12_STATE_INIT TLSv12State = iota
	TLSv12_STATE_PASSIVE_SERVER_HELLO
	TLSv12_STATE_SEND_APPLICATION_DATA
)
type UDP ¶
// UDP holds the fields of a UDP header followed by the datagram data.
type UDP struct {
	SrcPort  uint16
	DstPort  uint16
	Length   uint16
	Checksum uint16 // TODO: add a calculation method later. It looks like the same calculation as the other headers' checksums, so it may be factored out
	Data     []byte
}
func (*UDP) CalculateChecksum ¶ added in v1.8.12
func (*UDP) CalculateChecksumForIPv6 ¶ added in v1.1.0
IPv6 has no checksum of its own, so the upper layer needs one.
type WindowScale ¶
Directories
¶
| Path | Synopsis |
|---|---|
| cmd | |
| debugging/bgp (command) | |
| debugging/http-server (command) | |
| debugging/https-server (command) | |
| debugging/tls-server (command) | |
| packemon (command) | |
| internal | |













