package module
Version: v0.0.0-...-558295d Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 25, 2013 License: BSD-3-Clause Imports: 11 Imported by: 0



This is a simple wrapper around libpcap for Go.  Originally written by Andreas
Krennmair <ak@synflood.at> and only minorly touched up by Mark Smith <mark@qq.is>.

Please see the included pcaptest.go and tcpdump.go programs for instructions on
how to use this library.

Miek Gieben <miek@miek.nl> has created a more Go-like package and replaced functionality
with standard functions from the standard library. The package has also been renamed to



Interface to both live and offline pcap parsing.



View Source
const (
	TYPE_IP   = 0x0800
	TYPE_ARP  = 0x0806
	TYPE_IP6  = 0x86DD
	TYPE_VLAN = 0x8100

	IP_ICMP = 1
	IP_INIP = 4
	IP_TCP  = 6
	IP_UDP  = 17
View Source
const (

	// According to pcap-linktype(7).
	LINKTYPE_NULL             = 0
	LINKTYPE_ARCNET           = 7
	LINKTYPE_SLIP             = 8
	LINKTYPE_PPP              = 9
	LINKTYPE_FDDI             = 10
	LINKTYPE_ATM_RFC1483      = 100
	LINKTYPE_RAW              = 101
	LINKTYPE_PPP_HDLC         = 50
	LINKTYPE_C_HDLC           = 104
	LINKTYPE_IEEE802_11       = 105
	LINKTYPE_FRELAY           = 107
	LINKTYPE_LOOP             = 108
	LINKTYPE_LINUX_SLL        = 113
	LINKTYPE_LTALK            = 104
	LINKTYPE_PFLOG            = 117
	LINKTYPE_IP_OVER_FC       = 122
	LINKTYPE_SUNATM           = 123
View Source
const (
	TCP_FIN = 1 << iota


This section is empty.


func DatalinkValueToDescription

func DatalinkValueToDescription(dlt int) string

func DatalinkValueToName

func DatalinkValueToName(dlt int) string

func Version

func Version() string


type Arphdr

type Arphdr struct {
	Addrtype          uint16
	Protocol          uint16
	HwAddressSize     uint8
	ProtAddressSize   uint8
	Operation         uint16
	SourceHwAddress   []byte
	SourceProtAddress []byte
	DestHwAddress     []byte
	DestProtAddress   []byte

Arphdr is a ARP packet header.

func (*Arphdr) String

func (arp *Arphdr) String() (s string)

type FileHeader

type FileHeader struct {
	MagicNumber  uint32
	VersionMajor uint16
	VersionMinor uint16
	TimeZone     int32
	SigFigs      uint32
	SnapLen      uint32
	Network      uint32

FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat

type IFAddress

type IFAddress struct {
	IP      net.IP
	Netmask net.IPMask

type Icmphdr

type Icmphdr struct {
	Type     uint8
	Code     uint8
	Checksum uint16
	Id       uint16
	Seq      uint16
	Data     []byte

func (*Icmphdr) String

func (icmp *Icmphdr) String(hdr addrHdr) string

func (*Icmphdr) TypeString

func (icmp *Icmphdr) TypeString() (result string)

type Interface

type Interface struct {
	Name        string
	Description string
	Addresses   []IFAddress

func Findalldevs

func Findalldevs() (ifs []Interface, err error)

type Ip6hdr

type Ip6hdr struct {
	// http://www.networksorcery.com/enp/protocol/ipv6.htm
	Version      uint8  // 4 bits
	TrafficClass uint8  // 8 bits
	FlowLabel    uint32 // 20 bits
	Length       uint16 // 16 bits
	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
	HopLimit     uint8  // 8 bits
	SrcIp        []byte // 16 bytes
	DestIp       []byte // 16 bytes

func (*Ip6hdr) DestAddr

func (ip6 *Ip6hdr) DestAddr() string

func (*Ip6hdr) Len

func (ip6 *Ip6hdr) Len() int

func (*Ip6hdr) SrcAddr

func (ip6 *Ip6hdr) SrcAddr() string

type Iphdr

type Iphdr struct {
	Version    uint8
	Ihl        uint8
	Tos        uint8
	Length     uint16
	Id         uint16
	Flags      uint8
	FragOffset uint16
	Ttl        uint8
	Protocol   uint8
	Checksum   uint16
	SrcIp      []byte
	DestIp     []byte

IPadr is the header of an IP packet.

func (*Iphdr) DestAddr

func (ip *Iphdr) DestAddr() string

func (*Iphdr) Len

func (ip *Iphdr) Len() int

func (*Iphdr) SrcAddr

func (ip *Iphdr) SrcAddr() string

type Packet

type Packet struct {
	Time   time.Time // packet send/receive time
	Caplen uint32    // bytes stored in the file (caplen <= len)
	Len    uint32    // bytes sent/received
	Data   []byte    // packet data

	Type    int // protocol type, see LINKTYPE_*
	DestMac uint64
	SrcMac  uint64

	Headers []interface{} // decoded headers, in order
	Payload []byte        // remaining non-header bytes

	IP  *Iphdr  // IP header (for IP packets, after decoding)
	TCP *Tcphdr // TCP header (for TCP packets, after decoding)
	UDP *Udphdr // UDP header (for UDP packets after decoding)

Packet is a single packet parsed from a pcap file.

Convenient access to IP, TCP, and UDP headers is provided after Decode() is called if the packet is of the appropriate type.

func (*Packet) Decode

func (p *Packet) Decode()

Decode decodes the headers of a Packet.

func (*Packet) String

func (p *Packet) String() string

String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.

type PacketTime

type PacketTime struct {
	Sec  int32
	Usec int32

func (*PacketTime) Time

func (p *PacketTime) Time() time.Time

Convert the PacketTime to a go Time struct.

type Pcap

type Pcap struct {
	// contains filtered or unexported fields

func Openlive

func Openlive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)

Openlive opens a device and returns a *Pcap handler

func Openoffline

func Openoffline(file string) (handle *Pcap, err error)

func (*Pcap) Close

func (p *Pcap) Close()
func (p *Pcap) Datalink() int

func (*Pcap) Geterror

func (p *Pcap) Geterror() error

func (*Pcap) Getstats

func (p *Pcap) Getstats() (stat *Stat, err error)

func (*Pcap) Inject

func (p *Pcap) Inject(data []byte) (err error)

func (*Pcap) Next

func (p *Pcap) Next() (pkt *Packet)

func (*Pcap) NextEx

func (p *Pcap) NextEx() (pkt *Packet, result int32)
func (p *Pcap) Setdatalink(dlt int) error

func (*Pcap) Setfilter

func (p *Pcap) Setfilter(expr string) (err error)

type Reader

type Reader struct {
	Header FileHeader
	// contains filtered or unexported fields

Reader parses pcap files.

func NewReader

func NewReader(reader io.Reader) (*Reader, error)

NewReader reads pcap data from an io.Reader.

func (*Reader) Next

func (r *Reader) Next() *Packet

Next returns the next packet or nil if no more packets can be read.

type Stat

type Stat struct {
	PacketsReceived  uint32
	PacketsDropped   uint32
	PacketsIfDropped uint32

type Tcphdr

type Tcphdr struct {
	SrcPort    uint16
	DestPort   uint16
	Seq        uint32
	Ack        uint32
	DataOffset uint8
	Flags      uint16
	Window     uint16
	Checksum   uint16
	Urgent     uint16
	Data       []byte

func (*Tcphdr) FlagsString

func (tcp *Tcphdr) FlagsString() string

func (*Tcphdr) String

func (tcp *Tcphdr) String(hdr addrHdr) string

type Udphdr

type Udphdr struct {
	SrcPort  uint16
	DestPort uint16
	Length   uint16
	Checksum uint16

func (*Udphdr) String

func (udp *Udphdr) String(hdr addrHdr) string

type Vlanhdr

type Vlanhdr struct {
	Priority       byte
	DropEligible   bool
	VlanIdentifier int
	Type           int // Not actually part of the vlan header, but the type of the actual packet

func (*Vlanhdr) String

func (v *Vlanhdr) String()

type Writer

type Writer struct {
	// contains filtered or unexported fields

Writer writes a pcap file.

func NewWriter

func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error)

NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.

func (*Writer) Write

func (w *Writer) Write(pkt *Packet) error

Writer writes a packet to the underlying writer.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL