Documentation
Index
- func AddPacketMarker(m Marker) func(*Badcapt) error
- func LowMSSIdentifier(p gopacket.Packet) []string
- func MasscanIdentifier(p gopacket.Packet) []string
- func MiraiIdentifier(p gopacket.Packet) []string
- func SetElastic(client *elastic.Client) func(*Badcapt) error
- func SetElasticDocType(doc string) func(*Badcapt) error
- func SetElasticIndexName(name string) func(*Badcapt) error
- func ZmapIdentifier(p gopacket.Packet) []string
- type Badcapt
- type Marker
- type Record
- type TaggedPacket
Constants
This section is empty.
Variables
This section is empty.
Functions
func AddPacketMarker
AddPacketMarker adds a packet marking routine.
func LowMSSIdentifier (added in v0.3.0)
LowMSSIdentifier adds the low-mss tag to a packet whose TCP Maximum Segment Size is less than 500. This indicates a potential SACK Panic attack (CVE-2019-11477). Details: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md#1-cve-2019-11477-sack-panic-linux--2629
func MasscanIdentifier
MasscanIdentifier adds the masscan tag to a packet whose IP ID header = dstip ⊕ dstport ⊕ tcpseq.
func MiraiIdentifier
MiraiIdentifier adds the mirai tag to a packet whose TCP sequence number equals the destination IP address in decimal format.
func SetElastic
SetElastic sets the Elasticsearch client that events are exported to.
func SetElasticDocType
SetElasticDocType sets the document type of the events.
func SetElasticIndexName
SetElasticIndexName sets the name of the index that events are written to.
func ZmapIdentifier
ZmapIdentifier adds the zmap tag to a packet whose IP ID header equals 54321.
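The four identifier checks described above, applied to plain header fields. This is an added example, not badcapt's own code: the Headers type and Tag function are hypothetical, the sample headers are constructed, and it assumes the masscan value is compared on its low 16 bits (the IP ID field is 16 bits wide) and that the Mirai comparison uses the destination address as a big-endian 32-bit integer.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
)

// Headers holds the IPv4/TCP fields the identifiers inspect.
// Hypothetical type for this example; badcapt itself takes a gopacket.Packet.
type Headers struct {
	DstIP   net.IP
	DstPort uint16
	IPID    uint16
	Seq     uint32
	MSS     uint16 // 0 means no MSS option was present (assumption)
}

// Tag returns every tag whose fingerprint matches the given headers.
func Tag(h Headers) []string {
	ip4 := h.DstIP.To4()
	if ip4 == nil {
		return nil // the checks are defined on IPv4 headers
	}
	dst := binary.BigEndian.Uint32(ip4)
	var tags []string
	if h.IPID == 54321 {
		tags = append(tags, "zmap")
	}
	// IP ID is a 16-bit field, so only the low 16 bits of the XOR can match.
	if h.IPID == uint16(dst^uint32(h.DstPort)^h.Seq) {
		tags = append(tags, "masscan")
	}
	if h.Seq == dst {
		tags = append(tags, "mirai")
	}
	// Only an MSS option that is actually present can be "low".
	if h.MSS != 0 && h.MSS < 500 {
		tags = append(tags, "low-mss")
	}
	return tags
}

func main() {
	dst := net.ParseIP("192.0.2.10") // constructed sample, documentation range
	fmt.Println(Tag(Headers{DstIP: dst, DstPort: 23, IPID: 1, Seq: 0xC000020A}))
	fmt.Println(Tag(Headers{DstIP: dst, DstPort: 80, IPID: 54321, Seq: 7, MSS: 48}))
}
```

A single packet can carry more than one tag, which is why the checks are independent rather than an if/else chain.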
Types
type Badcapt
type Badcapt struct {
// contains filtered or unexported fields
}
Badcapt defines the badcapt configuration.
type Record
type Record struct {
	SrcIP         net.IP    `json:"src_ip,omitempty"`
	Protocols     []string  `json:"protocols,omitempty"`
	SrcPort       uint16    `json:"src_port,omitempty"`
	DstIP         net.IP    `json:"dst_ip,omitempty"`
	DstPort       uint16    `json:"dst_port,omitempty"`
	Timestamp     time.Time `json:"date"`
	Tags          []string  `json:"tags"`
	Payload       []byte    `json:"payload,omitempty"`
	PayloadString string    `json:"payload_str,omitempty"`
}
Record contains packet data that is ready to be exported.
func NewRecord
func NewRecord(tp *TaggedPacket) (*Record, error)
NewRecord constructs a record to write to the database.
type TaggedPacket
TaggedPacket represents a packet that went through markers.