README
¶
Simple packet capture tool
work in progress
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewPcapWriter ¶
Types ¶
type ARPPacket ¶
type ARPPacket struct {
HardwareType uint16 // Network link protocol type.
ProtocolType uint16 // Internetwork protocol for which the ARP request is intended.
Hlen uint8 // Length (in octets) of a hardware address.
Plen uint8 // Length (in octets) of internetwork addresses.
Op uint16 // Specifies the operation that the sender is performing.
// Media address of the sender. In an ARP request this field is used to indicate
// the address of the host sending the request. In an ARP reply this field is used
// to indicate the address of the host that the request was looking for.
SenderMAC net.HardwareAddr
SenderIP netip.Addr // Internetwork address of the sender.
// Media address of the intended receiver. In an ARP request this field is ignored.
// In an ARP reply this field is used to indicate the address of the host that originated the ARP request.
TargetMAC net.HardwareAddr
TargetIP netip.Addr // Internetwork address of the intended receiver.
}
The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. Defined in RFC 826.
type Config ¶
type Config struct {
Iface string // The name of the network interface ("any" means listen on all interfaces).
Snaplen int32 // The maximum length of each packet snapshot. Defaults to 65535.
Promisc bool // Promiscuous mode. This setting is ignored for "any" interface.
Timeout time.Duration // The maximum duration of the packet capture process.
PacketCount int // The maximum number of packets to capture.
Expr string // BPF filter expression.
Path string // File path to write captured packet data to.
Pcap bool // Whether to create PCAP file.
PcapPath string // Path to a PCAP file. Defaults to "minishark.pcap" in the current working directory.
}
type EthernetFrame ¶
type EthernetFrame struct {
DstMAC net.HardwareAddr // MAC address of the destination device.
SrcMAC net.HardwareAddr // MAC address of the source device.
EtherType uint16 // The protocol of the upper layer.
Payload []byte
}
An Ethernet frame is a data link layer protocol data unit.
func (*EthernetFrame) NextLayer ¶
func (ef *EthernetFrame) NextLayer() string
NextLayer returns the name of the next layer protocol based on the EtherType field of the EthernetFrame.
func (*EthernetFrame) Parse ¶
func (ef *EthernetFrame) Parse(data []byte) error
Parse parses the given byte data into an Ethernet frame.
func (*EthernetFrame) String ¶
func (ef *EthernetFrame) String() string
type ICMPSegment ¶
type ICMPSegment struct {
Type uint8 // ICMP type.
Code uint8 // ICMP subtype.
// Internet checksum (RFC 1071) for error checking, calculated from the ICMP header
// and data with value 0 substituted for this field.
Checksum uint16
Payload []byte // Contents vary based on the ICMP type and code.
}
ICMP is part of the Internet protocol suite as defined in RFC 792.
func (*ICMPSegment) Parse ¶
func (i *ICMPSegment) Parse(data []byte) error
Parse parses the given byte data into an ICMP segment struct.
func (*ICMPSegment) String ¶
func (i *ICMPSegment) String() string
type ICMPv6Segment ¶
ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions.
func (*ICMPv6Segment) Parse ¶
func (i *ICMPv6Segment) Parse(data []byte) error
Parse parses the given byte data into an ICMPv6 segment struct.
func (*ICMPv6Segment) String ¶
func (i *ICMPv6Segment) String() string
type IPv4Packet ¶
type IPv4Packet struct {
Version uint8 // 4 bits version (for IPv4, this is always equal to 4).
IHL uint8 // 4 bits size of header (number of 32-bit words).
DSCP uint8 // 6 bits specifies differentiated services.
ECN uint8 // 2 bits end-to-end notification of network congestion without dropping packets.
TotalLength uint16 // 16 bits defines the entire packet size in bytes, including header and data.
Identification uint16 // 16 bits identifies the group of fragments of a single IP datagram.
Flags uint8 // 3 bits used to control or identify fragments.
FragmentOffset uint16 // 13 bits offset of a particular fragment.
TTL uint8 // 8 bits limits a datagram's lifetime to prevent network failure.
Protocol uint8 // 8 bits defines the protocol used in the data portion of the IP datagram.
HeaderChecksum uint16 // 16 bits used for error checking of the header.
SrcIP netip.Addr // IPv4 address of the sender of the packet.
DstIP netip.Addr // IPv4 address of the receiver of the packet.
Options []byte // if ihl > 5
Payload []byte
}
Internet Protocol version 4 is described in IETF publication RFC 791.
func (*IPv4Packet) NextLayer ¶
func (p *IPv4Packet) NextLayer() string
func (*IPv4Packet) Parse ¶
func (p *IPv4Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv4 packet struct.
func (*IPv4Packet) String ¶
func (p *IPv4Packet) String() string
type IPv6Packet ¶
type IPv6Packet struct {
Version uint8 // 4 bits version field (for IPv6, this is always equal to 6).
TrafficClass uint8 // 6 + 2 bits holds DS and ECN values.
FlowLabel uint32 // 20 bits high-entropy identifier of a flow of packets between a source and destination.
PayloadLength uint16 // 16 bits the size of the payload in octets, including any extension headers.
NextHeader uint8 // 8 bits specifies the type of the next header.
// 8 bits replaces the time to live field in IPv4. This value is decremented by one at each forwarding node
// and the packet is discarded if it becomes 0. However, the destination node should process the packet normally
// even if received with a hop limit of 0.
HopLimit uint8
SrcIP netip.Addr // The unicast IPv6 address of the sending node.
DstIP netip.Addr // The IPv6 unicast or multicast address of the destination node(s).
Payload []byte
}
An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). IPv6 protocol defined in RFC 2460.
func (*IPv6Packet) NextLayer ¶
func (p *IPv6Packet) NextLayer() string
NextLayer returns the type of the next header.
func (*IPv6Packet) Parse ¶
func (p *IPv6Packet) Parse(data []byte) error
Parse parses the given byte data into an IPv6 packet struct.
func (*IPv6Packet) String ¶
func (p *IPv6Packet) String() string
type TCPSegment ¶
type TCPSegment struct {
SrcPort uint16 // Identifies the sending port.
DstPort uint16 // Identifies the receiving port.
// If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual
// first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1.
// If the SYN flag is unset (0), then this is the accumulated sequence number of the first data byte of this
// segment for the current session.
SeqNumber uint32
// If the ACK flag is set, the value is the next sequence number that the sender of the ACK is expecting.
AckNumber uint32
DataOffset uint8 // 4 bits specifies the size of the TCP header in 32-bit words.
Reserved uint8 // 4 bits reserved for future use and should be set to zero.
Flags uint8 // Contains 8 1-bit flags (control bits)
// The size of the receive window, which specifies the number of window size units[b] that the sender of
// this segment is currently willing to receive.
WindowSize uint16
// The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header.
Checksum uint16
// If the URG flag is set, then this 16-bit field is an offset from the sequence number
// indicating the last urgent data byte.
UrgentPointer uint16
Options []byte // The length of this field is determined by the data offset field.
}
TCP protocol is described in RFC 761.
func (*TCPSegment) NextLayer ¶
func (t *TCPSegment) NextLayer() string
func (*TCPSegment) Parse ¶
func (t *TCPSegment) Parse(data []byte) error
Parse parses the given byte data into a TCPSegment struct.
func (*TCPSegment) String ¶
func (t *TCPSegment) String() string
type UDPSegment ¶
type UDPSegment struct {
SrcPort uint16 // Identifies the sending port.
DstPort uint16 // Identifies the receiving port.
UDPLength uint16 // Specifies the length in bytes of the UDP header and UDP data.
Checksum uint16 // The checksum field may be used for error-checking of the header and data.
Payload []byte
}
UDP protocol is defined in RFC 768.
func (*UDPSegment) NextLayer ¶
func (u *UDPSegment) NextLayer() string
func (*UDPSegment) Parse ¶
func (u *UDPSegment) Parse(data []byte) error
Parse parses the given byte data into a UDPSegment struct.
func (*UDPSegment) String ¶
func (u *UDPSegment) String() string
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.