pcap: github.com/miekg/pcap Index | Files | Directories

package pcap

import "github.com/miekg/pcap"

Package pcap is a wrapper around the pcap library.

Index

Package Files

decode.go io.go packet.go pcap.go

Constants

const (
    TYPE_IP  = 0x0800
    TYPE_ARP = 0x0806
    TYPE_IP6 = 0x86DD

    IP_ICMP = 1
    IP_INIP = 4
    IP_TCP  = 6
    IP_UDP  = 17
)
const (
    TCPDUMP_MAGIC           = 0xa1b2c3d4
    KUZNETZOV_TCPDUMP_MAGIC = 0xa1b2cd34
    FMESQUITA_TCPDUMP_MAGIC = 0xa1b234cd
    NAVTEL_TCPDUMP_MAGIC    = 0xa12b3c4d
    NSEC_TCPDUMP_MAGIC      = 0xa1b23c4d
)

Port from sf-pcap.c file.

const (
    DLT_NULL    = 0  // BSD loopback encapsulation
    DLT_EN10MB  = 1  // Ethernet (10Mb)
    DLT_EN3MB   = 2  // Experimental Ethernet (3Mb)
    DLT_AX25    = 3  // Amateur Radio AX.25
    DLT_PRONET  = 4  // Proteon ProNET Token Ring
    DLT_CHAOS   = 5  // Chaos
    DLT_IEEE802 = 6  // 802.5 Token Ring
    DLT_ARCNET  = 7  // ARCNET, with BSD-style header
    DLT_SLIP    = 8  // Serial Line IP
    DLT_PPP     = 9  // Point-to-point Protocol
    DLT_FDDI    = 10 // FDDI
)

DLT, these are the types that are the same on all platforms, and that have been defined by <net/bpf.h> for ages.

const (
    ERRBUF_SIZE = 256

    // According to pcap-linktype(7).
    LINKTYPE_NULL       = DLT_NULL
    LINKTYPE_ETHERNET   = DLT_EN10MB
    LINKTYPE_TOKEN_RING = DLT_IEEE802

    LINKTYPE_EXP_ETHERNET = DLT_EN3MB /* 3Mb experimental Ethernet */
    LINKTYPE_AX25         = DLT_AX25
    LINKTYPE_PRONET       = DLT_PRONET
    LINKTYPE_CHAOS        = DLT_CHAOS
    LINKTYPE_ARCNET_BSD   = DLT_ARCNET /* BSD-style headers */
    LINKTYPE_SLIP         = DLT_SLIP
    LINKTYPE_PPP          = DLT_PPP
    LINKTYPE_FDDI         = DLT_FDDI

    LINKTYPE_ARCNET           = 7
    LINKTYPE_ATM_RFC1483      = 100
    LINKTYPE_RAW              = 101
    LINKTYPE_PPP_HDLC         = 50
    LINKTYPE_PPP_ETHER        = 51
    LINKTYPE_C_HDLC           = 104
    LINKTYPE_IEEE802_11       = 105
    LINKTYPE_FRELAY           = 107
    LINKTYPE_LOOP             = 108
    LINKTYPE_LINUX_SLL        = 113
    LINKTYPE_LTALK            = 104
    LINKTYPE_PFLOG            = 117
    LINKTYPE_PRISM_HEADER     = 119
    LINKTYPE_IP_OVER_FC       = 122
    LINKTYPE_SUNATM           = 123
    LINKTYPE_IEEE802_11_RADIO = 127
    LINKTYPE_ARCNET_LINUX     = 129
    LINKTYPE_LINUX_IRDA       = 144
    LINKTYPE_LINUX_LAPD       = 177
)
const (
    TCP_FIN = 1 << iota
    TCP_SYN
    TCP_RST
    TCP_PSH
    TCP_ACK
    TCP_URG
    TCP_ECE
    TCP_CWR
    TCP_NS
)

func DatalinkValueToDescription

func DatalinkValueToDescription(dlt int) string

func DatalinkValueToName

func DatalinkValueToName(dlt int) string

func FindAllDevs

func FindAllDevs() (ifs []Interface, err string)

func Version

func Version() string

type Arphdr

type Arphdr struct {
    Addrtype          uint16
    Protocol          uint16
    HwAddressSize     uint8
    ProtAddressSize   uint8
    Operation         uint16
    SourceHwAddress   []byte
    SourceProtAddress []byte
    DestHwAddress     []byte
    DestProtAddress   []byte
}

Arphdr is a ARP packet header.

func (*Arphdr) String

func (arp *Arphdr) String() (s string)

type FileHeader

type FileHeader struct {
    MagicNumber  uint32
    VersionMajor uint16
    VersionMinor uint16
    TimeZone     int32
    SigFigs      uint32
    SnapLen      uint32

    // NOTE: 'Network' property has been changed to `linktype`
    // Please see pcap/pcap.h header file.
    //     Network      uint32
    LinkType uint32
}

FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat

type IFAddress

type IFAddress struct {
    IP      net.IP
    Netmask net.IPMask
}

type Icmphdr

type Icmphdr struct {
    Type     uint8
    Code     uint8
    Checksum uint16
    Id       uint16
    Seq      uint16
    Data     []byte
}

func (*Icmphdr) String

func (icmp *Icmphdr) String(hdr addrHdr) string

func (*Icmphdr) TypeString

func (icmp *Icmphdr) TypeString() (result string)

type Interface

type Interface struct {
    Name        string
    Description string
    Addresses   []IFAddress
}

type Ip6hdr

type Ip6hdr struct {
    // http://www.networksorcery.com/enp/protocol/ipv6.htm
    Version      uint8  // 4 bits
    TrafficClass uint8  // 8 bits
    FlowLabel    uint32 // 20 bits
    Length       uint16 // 16 bits
    NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
    HopLimit     uint8  // 8 bits
    SrcIp        []byte // 16 bytes
    DestIp       []byte // 16 bytes
}

func (*Ip6hdr) DestAddr

func (ip6 *Ip6hdr) DestAddr() string

func (*Ip6hdr) Len

func (ip6 *Ip6hdr) Len() int

func (*Ip6hdr) SrcAddr

func (ip6 *Ip6hdr) SrcAddr() string

type Iphdr

type Iphdr struct {
    Version    uint8
    Ihl        uint8
    Tos        uint8
    Length     uint16
    Id         uint16
    Flags      uint8
    FragOffset uint16
    Ttl        uint8
    Protocol   uint8
    Checksum   uint16
    SrcIp      []byte
    DestIp     []byte
}

IPhdr is the header of an IP packet.

func (*Iphdr) DestAddr

func (ip *Iphdr) DestAddr() string

func (*Iphdr) Len

func (ip *Iphdr) Len() int

func (*Iphdr) SrcAddr

func (ip *Iphdr) SrcAddr() string

type Packet

type Packet struct {
    // porting from 'pcap_pkthdr' struct
    Time   time.Time // packet send/receive time
    Caplen uint32    // bytes stored in the file (caplen <= len)
    Len    uint32    // bytes sent/received

    Data []byte // packet data

    Type    int // protocol type, see LINKTYPE_*
    DestMac uint64
    SrcMac  uint64

    Headers []interface{} // decoded headers, in order
    Payload []byte        // remaining non-header bytes
}

Packet is a single packet parsed from a pcap file.

func (*Packet) Decode

func (p *Packet) Decode()

Decode decodes the headers of a Packet.

func (*Packet) String

func (p *Packet) String() string

String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.

type PacketTime

type PacketTime struct {
    Sec  int32
    Usec int32
}

type Pcap

type Pcap struct {
    // contains filtered or unexported fields
}

func Create

func Create(device string) (handle *Pcap, err error)

func OpenLive

func OpenLive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)

OpenLive opens a device and returns a handler.

func OpenOffline

func OpenOffline(file string) (handle *Pcap, err error)

Openoffline

func (*Pcap) Activate

func (p *Pcap) Activate() error

Activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.

func (*Pcap) Close

func (p *Pcap) Close()

Pcap closes a handler.

func (p *Pcap) Datalink() int

func (*Pcap) DumpOpen

func (p *Pcap) DumpOpen(ofile *string) (dumper *PcapDumper, err error)

func (*Pcap) Geterror

func (p *Pcap) Geterror() error

func (*Pcap) Getstats

func (p *Pcap) Getstats() (stat *Stat, err error)

func (*Pcap) Inject

func (p *Pcap) Inject(data []byte) (err error)

Inject ...

func (*Pcap) Next

func (p *Pcap) Next() (pkt *Packet)

func (*Pcap) NextEx

func (p *Pcap) NextEx() (pkt *Packet, result int32)

func (*Pcap) PcapDump

func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)

func (*Pcap) PcapDumpClose

func (p *Pcap) PcapDumpClose(dumper *PcapDumper)

func (*Pcap) PcapDumpFlush

func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error

func (*Pcap) PcapLoop

func (p *Pcap) PcapLoop(pktnum int, dumper *PcapDumper) (result int32, err error)

func (*Pcap) SetBufferSize

func (p *Pcap) SetBufferSize(sz int32) error

Set buffer size (units in bytes) on activated handle.

func (p *Pcap) SetDataLink(dlt int) error

func (*Pcap) SetDirection

func (p *Pcap) SetDirection(direction string) (err error)

func (*Pcap) SetFilter

func (p *Pcap) SetFilter(expr string) (err error)

func (*Pcap) SetPromisc

func (p *Pcap) SetPromisc(promisc bool) error

If arg p is non-zero promiscuous mode will be set on capture handle when it is activated.

func (*Pcap) SetReadTimeout

func (p *Pcap) SetReadTimeout(toMs int32) error

Set read timeout (milliseconds) that will be used on a capture handle when it is activated.

func (*Pcap) SetSnapLen

func (p *Pcap) SetSnapLen(s int32) error

type PcapDumper

type PcapDumper struct {
    // contains filtered or unexported fields
}

type Reader

type Reader struct {
    Header FileHeader
    // contains filtered or unexported fields
}

Reader parses pcap files.

func NewReader

func NewReader(reader io.Reader) (*Reader, error)

NewReader reads pcap data from an io.Reader.

func (*Reader) Next

func (r *Reader) Next() *Packet

Next returns the next packet or nil if no more packets can be read.

type Stat

type Stat struct {
    PacketsReceived  uint32
    PacketsDropped   uint32
    PacketsIfDropped uint32
}

type Tcphdr

type Tcphdr struct {
    SrcPort    uint16
    DestPort   uint16
    Seq        uint32
    Ack        uint32
    DataOffset uint8
    Flags      uint16
    Window     uint16
    Checksum   uint16
    Urgent     uint16
    Data       []byte
}

func (*Tcphdr) FlagsString

func (tcp *Tcphdr) FlagsString() string

func (*Tcphdr) String

func (tcp *Tcphdr) String(hdr addrHdr) string

type Udphdr

type Udphdr struct {
    SrcPort  uint16
    DestPort uint16
    Length   uint16
    Checksum uint16
}

func (*Udphdr) String

func (udp *Udphdr) String(hdr addrHdr) string

type Writer

type Writer struct {
    // contains filtered or unexported fields
}

Writer writes a pcap file.

func NewWriter

func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error)

NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.

func (*Writer) Write

func (w *Writer) Write(pkt *Packet) error

Writer writes a packet to the underlying writer.

Directories

PathSynopsis
tools/pass
tools/pcaptest
tools/tcpdump

Package pcap imports 11 packages (graph) and is imported by 3 packages. Updated 2014-02-26. Refresh now. Tools for package owners.