README
¶
# PCAP [](https://travis-ci.org/miekg/pcap) This is a simple wrapper around libpcap for Go. Originally written by Andreas Krennmair <ak@synflood.at> and only minorly touched up by Mark Smith <mark@qq.is>. Please see the included pcaptest.go and tcpdump.go programs for instructions on how to use this library. Miek Gieben <miek@miek.nl> has created a more Go-like package and replaced functionality with standard functions from the standard library. The package has also been renamed to pcap. ## TODO * Could use some more documentation.
Documentation
¶
Overview ¶
Package pcap is a wrapper around the pcap library.
Index ¶
- Constants
- Variables
- func DatalinkValueToDescription(dlt int) string
- func DatalinkValueToName(dlt int) string
- func Version() string
- type Arphdr
- type FileHeader
- type IFAddress
- type Icmphdr
- type Interface
- type Ip6hdr
- type Iphdr
- type Packet
- type PacketTime
- type Pcap
- func (p *Pcap) Activate() error
- func (p *Pcap) Close()
- func (p *Pcap) Datalink() int
- func (p *Pcap) DumpOpen(ofile *string) (dumper *PcapDumper, err error)
- func (p *Pcap) Geterror() error
- func (p *Pcap) Getstats() (stat *Stat, err error)
- func (p *Pcap) Inject(data []byte) (err error)
- func (p *Pcap) Next() (pkt *Packet)
- func (p *Pcap) NextEx() (pkt *Packet, result int32)
- func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)
- func (p *Pcap) PcapDumpClose(dumper *PcapDumper)
- func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error
- func (p *Pcap) PcapLoop(pktnum int, dumper *PcapDumper) (result int32, err error)
- func (p *Pcap) SetBufferSize(sz int32) error
- func (p *Pcap) SetDataLink(dlt int) error
- func (p *Pcap) SetDirection(direction string) (err error)
- func (p *Pcap) SetFilter(expr string) (err error)
- func (p *Pcap) SetPromisc(promisc bool) error
- func (p *Pcap) SetReadTimeout(toMs int32) error
- func (p *Pcap) SetSnapLen(s int32) error
- type PcapDumper
- type Reader
- type Stat
- type Tcphdr
- type Udphdr
- type Writer
Constants ¶
View Source
const ( TYPE_IP = 0x0800 TYPE_ARP = 0x0806 TYPE_IP6 = 0x86DD IP_ICMP = 1 IP_INIP = 4 IP_TCP = 6 IP_UDP = 17 )
View Source
const ( TCPDUMP_MAGIC = 0xa1b2c3d4 KUZNETZOV_TCPDUMP_MAGIC = 0xa1b2cd34 FMESQUITA_TCPDUMP_MAGIC = 0xa1b234cd NAVTEL_TCPDUMP_MAGIC = 0xa12b3c4d NSEC_TCPDUMP_MAGIC = 0xa1b23c4d )
Port from sf-pcap.c file.
View Source
const ( DLT_NULL = 0 // BSD loopback encapsulation DLT_EN10MB = 1 // Ethernet (10Mb) DLT_EN3MB = 2 // Experimental Ethernet (3Mb) DLT_AX25 = 3 // Amateur Radio AX.25 DLT_PRONET = 4 // Proteon ProNET Token Ring DLT_CHAOS = 5 // Chaos DLT_IEEE802 = 6 // 802.5 Token Ring DLT_ARCNET = 7 // ARCNET, with BSD-style header DLT_SLIP = 8 // Serial Line IP DLT_PPP = 9 // Point-to-point Protocol DLT_FDDI = 10 // FDDI )
DLT, these are the types that are the same on all platforms, and that have been defined by <net/bpf.h> for ages.
View Source
const ( ERRBUF_SIZE = 256 // According to pcap-linktype(7). LINKTYPE_NULL = DLT_NULL LINKTYPE_ETHERNET = DLT_EN10MB LINKTYPE_TOKEN_RING = DLT_IEEE802 LINKTYPE_EXP_ETHERNET = DLT_EN3MB /* 3Mb experimental Ethernet */ LINKTYPE_AX25 = DLT_AX25 LINKTYPE_PRONET = DLT_PRONET LINKTYPE_CHAOS = DLT_CHAOS LINKTYPE_ARCNET_BSD = DLT_ARCNET /* BSD-style headers */ LINKTYPE_SLIP = DLT_SLIP LINKTYPE_PPP = DLT_PPP LINKTYPE_FDDI = DLT_FDDI LINKTYPE_ARCNET = 7 LINKTYPE_ATM_RFC1483 = 100 LINKTYPE_RAW = 101 LINKTYPE_PPP_HDLC = 50 LINKTYPE_PPP_ETHER = 51 LINKTYPE_C_HDLC = 104 LINKTYPE_IEEE802_11 = 105 LINKTYPE_FRELAY = 107 LINKTYPE_LOOP = 108 LINKTYPE_LINUX_SLL = 113 LINKTYPE_LTALK = 104 LINKTYPE_PFLOG = 117 LINKTYPE_PRISM_HEADER = 119 LINKTYPE_IP_OVER_FC = 122 LINKTYPE_SUNATM = 123 LINKTYPE_IEEE802_11_RADIO = 127 LINKTYPE_ARCNET_LINUX = 129 LINKTYPE_LINUX_IRDA = 144 LINKTYPE_LINUX_LAPD = 177 )
View Source
const ( TCP_FIN = 1 << iota TCP_SYN TCP_RST TCP_PSH TCP_ACK TCP_URG TCP_ECE TCP_CWR TCP_NS )
Variables ¶
View Source
var GoVersion = "1.0.1"
GoVersion is the version of the pcap Go package.
Functions ¶
func DatalinkValueToName ¶
Types ¶
type Arphdr ¶
type Arphdr struct {
Addrtype uint16
Protocol uint16
HwAddressSize uint8
ProtAddressSize uint8
Operation uint16
SourceHwAddress []byte
SourceProtAddress []byte
DestHwAddress []byte
DestProtAddress []byte
}
Arphdr is a ARP packet header.
type FileHeader ¶
type FileHeader struct {
MagicNumber uint32
VersionMajor uint16
VersionMinor uint16
TimeZone int32
SigFigs uint32
SnapLen uint32
// NOTE: 'Network' property has been changed to `linktype`
// Please see pcap/pcap.h header file.
// Network uint32
LinkType uint32
}
FileHeader is the parsed header of a pcap file. http://wiki.wireshark.org/Development/LibpcapFileFormat
type Icmphdr ¶
func (*Icmphdr) TypeString ¶
type Interface ¶
func FindAllDevs ¶
type Ip6hdr ¶
type Ip6hdr struct {
// http://www.networksorcery.com/enp/protocol/ipv6.htm
Version uint8 // 4 bits
TrafficClass uint8 // 8 bits
FlowLabel uint32 // 20 bits
Length uint16 // 16 bits
NextHeader uint8 // 8 bits, same as Protocol in Iphdr
HopLimit uint8 // 8 bits
SrcIp []byte // 16 bytes
DestIp []byte // 16 bytes
}
type Iphdr ¶
type Iphdr struct {
Version uint8
Ihl uint8
Tos uint8
Length uint16
Id uint16
Flags uint8
FragOffset uint16
Ttl uint8
Protocol uint8
Checksum uint16
SrcIp []byte
DestIp []byte
}
IPhdr is the header of an IP packet.
type Packet ¶
type Packet struct {
// porting from 'pcap_pkthdr' struct
Time time.Time // packet send/receive time
Caplen uint32 // bytes stored in the file (caplen <= len)
Len uint32 // bytes sent/received
Data []byte // packet data
Type int // protocol type, see LINKTYPE_*
DestMac uint64
SrcMac uint64
Headers []interface{} // decoded headers, in order
Payload []byte // remaining non-header bytes
}
Packet is a single packet parsed from a pcap file.
type PacketTime ¶
type Pcap ¶
type Pcap struct {
// contains filtered or unexported fields
}
func OpenLive ¶
func OpenLive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)
OpenLive opens a device and returns a handler.
func (*Pcap) Activate ¶
Activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.
func (*Pcap) PcapDump ¶
func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)
func (*Pcap) PcapDumpClose ¶
func (p *Pcap) PcapDumpClose(dumper *PcapDumper)
func (*Pcap) PcapDumpFlush ¶
func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error
func (*Pcap) PcapLoop ¶
func (p *Pcap) PcapLoop(pktnum int, dumper *PcapDumper) (result int32, err error)
func (*Pcap) SetBufferSize ¶
Set buffer size (units in bytes) on activated handle.
func (*Pcap) SetDataLink ¶
func (*Pcap) SetDirection ¶
func (*Pcap) SetPromisc ¶
If arg p is non-zero promiscuous mode will be set on capture handle when it is activated.
func (*Pcap) SetReadTimeout ¶
Set read timeout (milliseconds) that will be used on a capture handle when it is activated.
func (*Pcap) SetSnapLen ¶
type PcapDumper ¶
type PcapDumper struct {
// contains filtered or unexported fields
}
type Reader ¶
type Reader struct {
Header FileHeader
// contains filtered or unexported fields
}
Reader parses pcap files.
type Tcphdr ¶
type Tcphdr struct {
SrcPort uint16
DestPort uint16
Seq uint32
Ack uint32
DataOffset uint8
Flags uint16
Window uint16
Checksum uint16
Urgent uint16
Data []byte
}
func (*Tcphdr) FlagsString ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.