Documentation ¶
Overview ¶
Package goshark use tshark to decode IP packet and create data struct to analyse packet.
Example ¶
package main import ( "fmt" "log" "github.com/sunwxg/goshark" ) func main() { file := "2.pcap" d := goshark.NewDecoder() if err := d.DecodeStart(file); err != nil { log.Println("Decode start fail:", err) return } defer d.DecodeEnd() f, err := d.NextPacket() if err != nil { log.Println("Get packet fail:", err) return } key := "igmp.maddr" value, ok := f.Iskey(key) if ok { fmt.Printf("key: %s\nvalue: %s\n", key, value) } }
Output: key: igmp.maddr value: 224.0.0.251
Index ¶
- type Decoder
- func (d *Decoder) DecodeAbort() error
- func (d *Decoder) DecodeEnd() error
- func (d *Decoder) DecodeStart(file string) (err error)
- func (d *Decoder) DecodeStartWithArgs(file string, args ...string) (err error)
- func (d *Decoder) LoadPacket(r io.Reader) (field *Field, err error)
- func (d *Decoder) NextPacket() (field *Field, err error)
- type Field
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Decoder ¶
type Decoder struct {
// contains filtered or unexported fields
}
Decoder packet decoder
func (*Decoder) DecodeAbort ¶
DecodeAbort aborts the ongoing reading and kills tshark process
func (*Decoder) DecodeStart ¶
DecodeStart Start decoding. When finished, should use DecodeEnd to close decoding. Use defer DecodeEnd after DecodeStart success. If can't find tshark tool, will return err.
Example ¶
package main import ( "log" "github.com/sunwxg/goshark" ) func main() { d := goshark.NewDecoder() if err := d.DecodeStart("input_file"); err != nil { log.Fatalf("Decode start fail: %s", err) } defer d.DecodeEnd() }
Output:
func (*Decoder) DecodeStartWithArgs ¶
DecodeStartWithArgs Start decoding and pass extra arguments to tshark. When finished, should use DecodeEnd to close decoding. Use defer DecodeEnd after DecodeStart success. If can't find tshark tool, will return err.
func (*Decoder) LoadPacket ¶
LoadPacket Get Field struct from xml data. Xml data is gotten from tshark output. If xml data isn't right, return xml decoding error
Example ¶
package main import ( "bytes" "fmt" "log" "github.com/sunwxg/goshark" ) func main() { data := ` <packet> <proto name="igmp"> <field name="igmp.type" show="22"/> <field name="igmp.maddr" show="224.0.0.251"/> </proto> </packet> ` d := goshark.NewDecoder() r := bytes.NewReader([]byte(data)) f, err := d.LoadPacket(r) if err != nil { log.Fatalf("load packet fail") } fmt.Printf("%s", f) }
Output: . [] . . [igmp] . . . [igmp.type] 22 . . . [igmp.maddr] 224.0.0.251
func (*Decoder) NextPacket ¶
NextPacket Get one packet from Decoder. At the end of file, get error io.EOF with nil field.