utils

package

v0.9.0 Latest Latest Go to latest Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dreadl0ck/netcap

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CalcCommunityIDSCTP(srcIP, dstIP string, srcPort, dstPort uint16) string
func CalcCommunityIDTCP(srcIP, dstIP string, srcPort, dstPort uint16) string
func CalcCommunityIDUDP(srcIP, dstIP string, srcPort, dstPort uint16) string
func DecodeConversation(ident string, data core.DataFragments, client func(buf *bufio.Reader) error, ...)
func ResetStats()
func SaveConversation(proto string, conversation core.DataFragments, ident string, ...) error
func SaveNetworkConversation(protocol string, conversation NetworkDataFragments, ident string, ...) error
func SetLogger(l *zap.Logger)
func SetReassemblyLogger(l *zap.Logger)
type NetworkDataFragment
type NetworkDataFragments

Constants ¶

This section is empty.

Variables ¶

View Source

var DeviceEnricher func(ip string, hostnames, deviceTypes, roles []string, os string)

DeviceEnricher is a callback function to enrich a device profile by IP. Set by the collector during initialization to avoid circular imports.

View Source

var Stats struct {
	sync.Mutex

	IPdefrag                int64
	MissedBytes             int64
	Pkt                     int64
	Sz                      int64
	Totalsz                 int64
	RejectFsm               int64
	RejectOpt               int64
	RejectConnFsm           int64
	Reassembled             int64
	OutOfOrderBytes         int64
	OutOfOrderPackets       int64
	BiggestChunkBytes       int64
	BiggestChunkPackets     int64
	OverlapBytes            int64
	OverlapPackets          int64
	SavedTCPConnections     int64
	SavedUDPConnections     int64
	SavedNetworkConnections int64
	NumSoftware             int64
	NumServices             int64

	Requests  int64
	Responses int64
	Count     int64
	DataBytes int64
	NumConns  int64
	NumFlows  int64

	// HTTP
	NumUnmatchedResp        int64
	NumNilRequests          int64
	NumFoundRequests        int64
	NumRemovedRequests      int64
	NumUnansweredRequests   int64
	NumClientStreamNotFound int64
	NumRequests             int64
	NumResponses            int64

	// keep this one after all 64bit types to fix alignment problems on ARM
	NumErrors uint
}

Stats contains statistics about the stream reassembly.

Functions ¶

func CalcCommunityIDSCTP ¶ added in v0.9.0

func CalcCommunityIDSCTP(srcIP, dstIP string, srcPort, dstPort uint16) string

CalcCommunityIDSCTP calculates a Community ID v1 for an SCTP stream. Returns an empty string if the IP addresses cannot be parsed.

func CalcCommunityIDTCP ¶ added in v0.9.0

func CalcCommunityIDTCP(srcIP, dstIP string, srcPort, dstPort uint16) string

CalcCommunityIDTCP calculates a Community ID v1 for a TCP stream. Returns an empty string if the IP addresses cannot be parsed.

func CalcCommunityIDUDP ¶ added in v0.9.0

func CalcCommunityIDUDP(srcIP, dstIP string, srcPort, dstPort uint16) string

CalcCommunityIDUDP calculates a Community ID v1 for a UDP stream. Returns an empty string if the IP addresses cannot be parsed.

func DecodeConversation ¶

func DecodeConversation(
	ident string,
	data core.DataFragments,
	client func(buf *bufio.Reader) error,
	server func(buf *bufio.Reader) error,
)

DecodeConversation is a Transport layer agnostic util to decode client / server data streams.

func ResetStats ¶ added in v0.7.6

func ResetStats()

ResetStats clears all stream reassembly statistics This should be called when resetting state between processing different files

func SaveConversation ¶

func SaveConversation(proto string, conversation core.DataFragments, ident string, firstPacket time.Time, transport gopacket.Flow, communityID string) error

SaveConversation will save TCP / UDP conversations to disk this also invokes the harvesters on the conversation banner The communityID parameter is the Corelight Community ID v1 for the connection, calculated once at the stream level and passed through to harvesters.

func SaveNetworkConversation ¶ added in v0.9.0

func SaveNetworkConversation(protocol string, conversation NetworkDataFragments, ident string, firstPacket time.Time) error

SaveNetworkConversation will save network-layer conversations (ICMP, IGMP, GRE, etc.) to disk Protocol should be the network layer protocol name (e.g., "ICMPv4", "ICMPv6", "IGMP", "GRE")

func SetLogger ¶

func SetLogger(l *zap.Logger)

SetLogger is an alias for SetReassemblyLogger for backward compatibility

func SetReassemblyLogger ¶ added in v0.9.0

func SetReassemblyLogger(l *zap.Logger)

SetReassemblyLogger configures the logger for this package.

Types ¶

type NetworkDataFragment ¶ added in v0.9.0

type NetworkDataFragment interface {
	Raw() []byte
	CaptureInfo() gopacket.CaptureInfo
	Network() gopacket.Flow
	Direction() reassembly.TCPFlowDirection
}

NetworkDataFragment represents a single network-layer packet fragment This interface allows the network package to pass data without circular imports

type NetworkDataFragments ¶ added in v0.9.0

type NetworkDataFragments []NetworkDataFragment

NetworkDataFragments is a slice of network data fragments

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL