README

goshark

Build Status GoDoc

Package goshark use tshark to decode IP packet and create data struct to analyse packet.

Dependency
  • tshark
Examples
file := "2.pcap"
d := goshark.NewDecoder()
if err := d.DecodeStart(file); err != nil {
    log.Println("Decode start fail:", err)
    return
}
defer d.DecodeEnd()

f, err := d.NextPacket()
if err != nil {
    log.Println("Get packet fail:", err)
    return
}

key := "igmp.maddr"
value, ok := f.Iskey(key)
if ok {
    fmt.Printf("key: %s\nvalue: %s\n", key, value)
}

Output:

key: igmp.maddr
value: 224.0.0.251

Documentation

Overview

    Package goshark use tshark to decode IP packet and create data struct to analyse packet.

    Example
    Output:
    
    key: igmp.maddr
    value: 224.0.0.251
    

    Index

    Examples

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    This section is empty.

    Types

    type Decoder

    type Decoder struct {
    	// contains filtered or unexported fields
    }

      Decoder packet decoder

      func NewDecoder

      func NewDecoder() (decoder *Decoder)

        NewDecoder Implements Decoder

        func (*Decoder) DecodeAbort

        func (d *Decoder) DecodeAbort() error

          DecodeAbort aborts the ongoing reading and kills tshark process

          func (*Decoder) DecodeEnd

          func (d *Decoder) DecodeEnd() error

            DecodeEnd Close decoding

            func (*Decoder) DecodeStart

            func (d *Decoder) DecodeStart(file string) (err error)

              DecodeStart Start decoding. When finished, should use DecodeEnd to close decoding. Use defer DecodeEnd after DecodeStart success. If can't find tshark tool, will return err.

              Example
              Output:
              
              

              func (*Decoder) DecodeStartWithArgs

              func (d *Decoder) DecodeStartWithArgs(file string, args ...string) (err error)

                DecodeStartWithArgs Start decoding and pass extra arguments to tshark. When finished, should use DecodeEnd to close decoding. Use defer DecodeEnd after DecodeStart success. If can't find tshark tool, will return err.

                func (*Decoder) LoadPacket

                func (d *Decoder) LoadPacket(r io.Reader) (field *Field, err error)

                  LoadPacket Get Field struct from xml data. Xml data is gotten from tshark output. If xml data isn't right, return xml decoding error

                  Example
                  Output:
                  
                  . []
                  . . [igmp]
                  . . . [igmp.type] 22
                  . . . [igmp.maddr] 224.0.0.251
                  

                  func (*Decoder) NextPacket

                  func (d *Decoder) NextPacket() (field *Field, err error)

                    NextPacket Get one packet from Decoder. At the end of file, get error io.EOF with nil field.

                    type Field

                    type Field struct {
                    	Attrs  map[string]string
                    	Childs []*Field
                    	Parent *Field
                    }

                      Field Data struct of IP packet

                      func (Field) Getfield

                      func (field Field) Getfield(key string) (f Field, ok bool)

                        Getfield Get the Field by key in a Field. If key doesn't exist, return ok=false and f=nil

                        func (Field) Iskey

                        func (field Field) Iskey(key string) (value string, ok bool)

                          Iskey Get the value by key in a Field. If key doesn't exist, return ok=false and value=nil

                          func (Field) String

                          func (field Field) String() string

                            Let printout human readable

                            Source Files

                            Directories

                            Path Synopsis