README

golibwireshark

Package golibwireshark uses the libwireshark library to decode pcap files and analyse dissection data.

This package can only be used on Linux with an x86_64 CPU. To use it on another CPU architecture, you need to compile the library in the libs folder from source code.

Dependencies
  • libwireshark library (version 1.12.8)

  • libglib2.0

Install
  • ubuntu
apt-get install libglib2.0-dev
go get github.com/sunwxg/golibwireshark

cd $GOPATH/src/github.com/sunwxg/golibwireshark
cat libs/libwireshark.{00,01,02,03} > libs/libwireshark.so
chmod 775 libs/libwireshark.so

go build
go test
Examples
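package main

import (
	"fmt"

	"github.com/sunwxg/golibwireshark"
)

func main() {
	file := "1.pcap"    // capture file to dissect
	outfile := "o.pcap" // matching packets are written here
	key := "ip.addr"    // dissection field to look for

	// Init opens both files and starts the dissection.
	err := golibwireshark.Init(file, outfile)
	if err != nil {
		fmt.Printf("open file failed: %v\n", err)
		return
	}
	// Clean ends the dissection once all packets are processed.
	defer golibwireshark.Clean()

	var p golibwireshark.Packet

	for {
		// Edt is nil when there are no more packets to dissect.
		p.GetPacket()
		if p.Edt == nil {
			break
		}

		// Keep only packets whose dissection contains the key.
		if _, ok := p.IsKey(key); ok {
			if err := p.WriteToFile(); err != nil {
				fmt.Printf("write packet failed: %v\n", err)
			}
		}

		// Release the packet's memory before fetching the next one.
		p.FreePacket()
	}
}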

Documentation

Overview

    Package golibwireshark uses the libwireshark library to decode pcap files and analyse dissection data.

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func Clean

    func Clean()

      Clean ends the dissection.

    func CloseInputFile

    func CloseInputFile()

      CloseInputFile closes the input file. Use ReOpenInputFile to open a new input file.

    func CloseOutputFile

    func CloseOutputFile()

      CloseOutputFile closes the output file. Use ReOpenOutputFile to open a new output file.

    func Init

    func Init(inputfile, outputfile string) error

      Init initializes the dissection. If opening inputfile or outputfile fails, it returns an error. After the dissection finishes, call Clean() to end it.

    func ReOpenInputFile

    func ReOpenInputFile(filename string) error

      ReOpenInputFile opens a new input file after CloseInputFile. If opening the file fails, it returns an error.

    func ReOpenOutputFile

    func ReOpenOutputFile(filename string) error

      ReOpenOutputFile opens a new output file after CloseOutputFile. If opening the file fails, it returns an error.

    Types

    type Packet

    type Packet struct {
    	Edt   *C.struct_epan_dissect // packet data index after dissection
    	Field *C.struct__proto_node  // packet field index
    }

      Packet is the packet data index after dissection.

    func (*Packet) FreePacket

    func (p *Packet) FreePacket()

      FreePacket releases the packet memory.

    func (*Packet) GetField

    func (p *Packet) GetField(key string) bool

      GetField gets the field index by key. If the key exists, it returns true and Field is set to the index; otherwise it returns false and Field is set to nil.

    func (*Packet) GetPacket

    func (p *Packet) GetPacket()

      GetPacket gets the data index of one dissected packet. If there are no more packets to dissect, Edt is nil. After analysing the packet data, call FreePacket() to free it.

    func (Packet) IsKey

    func (p Packet) IsKey(key string) (values []string, ok bool)

      IsKey finds a key in the packet dissection data. If the key exists, ok=true and values holds the key's values; otherwise ok=false.

    func (Packet) String

    func (p Packet) String() string

      String produces a human-readable printout. If Field is nil, it prints the packet. If Field is not nil, it prints the Field.

    func (*Packet) WriteToFile

    func (p *Packet) WriteToFile() error

      WriteToFile writes a packet to the output file. If the output file is not initialized, it returns an error.

    Directories

    Path Synopsis
    example