analyzer

package
Version: v0.0.0-...-c98a189 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 27, 2020 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// OPSessionRequest for session starts
	OPSessionRequest = byte(0x01)

	// OPSessionResponse packet
	OPSessionResponse = byte(0x02)
	// OPCombined packet
	OPCombined = byte(0x03)
	// OPSessionDisconnect packet
	OPSessionDisconnect = byte(0x05)
	// OPKeepAlive packet
	OPKeepAlive = byte(0x06)
	// OPSessionStatRequest packet
	OPSessionStatRequest = byte(0x07)
	// OPSessionStatResponse packet
	OPSessionStatResponse = byte(0x08)
	// OPPacket packet
	OPPacket = byte(0x09)
	// OPOversized packet
	OPOversized = byte(0x0d)
	// OPAckFuture packet
	OPAckFuture = byte(0x11)
	// OPAck packet
	OPAck = byte(0x15)
	// OPAppCombined packet
	OPAppCombined = byte(0x19)
	// OPAckAfterDisconnect packet
	OPAckAfterDisconnect = byte(0x1d)
	// OPSixty packet
	OPSixty = byte(0x60)
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Analyzer

type Analyzer struct {
	FragmentSize    uint16
	FragmentMaxSize uint32
	Fragments       map[uint16][]byte
	Debug           bool
	GoDump          bool
	HexDump         bool
	OpCodes         []*SEQOPCodeXML
}

Analyzer represents an analyzer parser

func New

func New() (*Analyzer, error)

New creates a new Analyzer

func (*Analyzer) Dump

func (a *Analyzer) Dump(data []byte) (output string)

Dump will either export information as Go type data or a hex dump

func (*Analyzer) PacketStep1

func (a *Analyzer) PacketStep1(psPacket gopacket.Packet) ([]*EQPacket, error)

PacketStep1 begins processing a packet step1: break down dst/src, figure out if compressed

type EQPacket

type EQPacket struct {
	OpCode        uint16
	OpCodeLabel   string
	SourceIP      net.IP
	ClientPort    string
	DestinationIP net.IP
	Data          []byte
	Timestamp     time.Time
}

EQPacket represents a completed EQ packet

func (*EQPacket) IsFromServer

func (packet *EQPacket) IsFromServer() bool

IsFromServer returns true if dstIP is a private ip address

func (*EQPacket) String

func (packet *EQPacket) String() string

type Fragment

type Fragment struct {
	CreateDate time.Time
	Data       []byte
}

Fragment is partial packets received

type SEQOPCodeXML

type SEQOPCodeXML struct {
	XMLName xml.Name `xml:"seqopcodes"`
	Text    string   `xml:",chardata"`
	Opcodes []struct {
		Op      uint16
		Text    string `xml:",chardata"`
		ID      string `xml:"id,attr"`
		Name    string `xml:"name,attr"`
		Updated string `xml:"updated,attr"`
		Update  string `xml:"update,attr"`
		Comment struct {
			Text    string `xml:",chardata"`
			Payload struct {
				Text          string `xml:",chardata"`
				Dir           string `xml:"dir,attr"`
				Typename      string `xml:"typename,attr"`
				Sizechecktype string `xml:"sizechecktype,attr"`
			} `xml:"payload"`
		} `xml:"comment"`
		Payload []struct {
			Text          string `xml:",chardata"`
			Dir           string `xml:"dir,attr"`
			Typename      string `xml:"typename,attr"`
			Sizechecktype string `xml:"sizechecktype,attr"`
		} `xml:"payload"`
	} `xml:"opcode"`
}

SEQOPCodeXML is parsed from ShowEQ

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL