README
¶
goPacCap
Package paccap provides an easy-to-use interface for capturing and inspecting the packets. Along comes with it is a very miniscule implementation of IPCache.
Getting Started
To install the library
go get github.com/hashcode55/gopaccap
Dependencies
go get github.com/google/gopacket
go get github.com/Sirupsen/logrus
Usage
package main
import (
log "github.com/Sirupsen/logrus"
"github.com/hashcode55/gopaccap"
)
func main() {
// boolean flag to break for loop ahead
breakSel := false
// first argument is cache expiration time
// second is whetther to read cache from file or not
// third is the path from where to read
pc := gopaccap.PacketCapture(5, false, "")
// run capture as a goroutine and yay!
go pc.LiveCapture("tcp", "en0", 65535, false, -1*time.Second)
// a simple select statement to receive the packets
for {
select {
case p := <-pc.PackChan:
log.Infof("[PacCap ] %s", p)
case <-c:
breakSel = true
}
if breakSel {
break
}
}
log.Info("Finished Capturing.")
}
Running the tests
To run the tests, open the root of project and
go test
Documentation
https://godoc.org/github.com/HashCode55/goPacCap
Authors
- Mehul Ahuja
License
This project is licensed under the MIT License - see the LICENSE.md file for details
Documentation
¶
Overview ¶
Package paccap provides an easy-to-use interface for capturing and inspecting the packets with a miniscule implementation of IPCache.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IPCache ¶
type IPCache struct {
// DefaultExpiration is the Expiration time of the items
DefaultExpiration time.Duration
// IPTable stores the ip as key and Port as value
IPTable map[string]PortObject
// Mu is a mutex to control the access
Mu sync.RWMutex
// TickInterval is the purge time for the cache
TickInterval time.Duration
}
IPCache is a simple cache implementation which has four struct variables. DefaultExpiration is the default time after which the cache entries expire. IPTable is a map object which stores the entries of cache as key value pairs. And TickInterval is the actual time after which the entries are deleted.
func NewIPCache ¶
func NewIPCache(DefaultExpiration, Tickinterval time.Duration, readCache bool, path string) (*IPCache, error)
NewIPCache creates returns a new IPCache. It takes four values as arguments, DefaultExpiration which is the Expiration time for the cache entries, Tickinterval is the purge time for the expired entries, reacFromCache is a boolean variable which flags whether to read from file or not and finally the path to read from.
func (*IPCache) Get ¶
Gets returns the corresponding value (that is Port) to the IP given as argument.
func (*IPCache) GetIPTable ¶
func (c *IPCache) GetIPTable() map[string]PortObject
GetIPTable returns the snapshot of the IPTable as a map object
func (*IPCache) InspectCache ¶
InspectCache takes the IP address as string returns a bool value telling whether the value is still in the IP table or not. This is for testing.
func (*IPCache) SaveIPCache ¶
SaveIPCache saves the IPTable in a file
type Paccap ¶
type Paccap struct {
// IPCache is the cache object which'll store key value pairs
// with source IP as key and destination port as value.
IPCache *IPCache
// PackChan is a channel which gets the detected channels.
PackChan chan Packet
}
Paccap is the enclosing packet capture struct. It encapsulates a *IPCache object, and a packet channel which stores the incoming packets.
func PacketCapture ¶
PacketCapture creates a new instance of the Paccap struct initialising the IPCache. It takes a three arguments, cache expiration time and a bool value specifying whether to read cache from disc or not and the path specifying the location on disc.
func (*Paccap) LiveCapture ¶
func (pc *Paccap) LiveCapture(filter, device string, snapshotlen int32, promiscuous bool, timeout time.Duration)
LiveCapture attaches with the NIC specified and starts capturing the packets logging the packet details. It caches the source IP of the packets recieved with the given expiration time. Takes BPF(filter), the device name, snapshot length, promiscous (boolean) and timeout time as arguments. As it recognizes the packets it keeps on pushing the packets into a channel shared with the host process that is the client.
func (*Paccap) ReadPcap ¶
ReadPcap reads the pcap files from the specified path and logs the packet details. It takes two arguments, a packet filter specified as BPF, and the path of the pcap files. As it recognizes the packets it keeps on pushing the packets into a channel shared with the host process that is the client.
func (*Paccap) UpdateCache ¶
UpdateCache take a packet and updates the cache with the src IP and Destination Port. This way we can insert entries in the cache before starting a LiveCapture or after starting LiveCapture as a goroutine.
type Packet ¶
type Packet struct {
// FromIP is the Source IP
FromIP string
// ToIP is the Destination IP
ToIP string
// FromPort is the Source Port
FromPort string
// ToPort is the Destination Port
ToPort string
}
Packet stores the details of packets storing information about source IP/Port and destination IP/Port
type PortObject ¶
type PortObject struct {
// Port is the destination Port which the cache will store.
Port string
// Expiration is the time after which the cache entry will be invalidated.
Expiration int64
}
PortObject is an encapsulation over the Port entries.
Source Files
Directories