import "github.com/miekg/pcap"
Package pcap is a wrapper around the pcap library.
decode.go io.go packet.go pcap.go
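// EtherType values from the link-layer header, followed by the IP protocol
// numbers carried in the IPv4 Protocol / IPv6 NextHeader field.
const (
	TYPE_IP  = 0x0800 // IPv4
	TYPE_ARP = 0x0806 // ARP
	TYPE_IP6 = 0x86DD // IPv6

	IP_ICMP = 1  // ICMP
	IP_INIP = 4  // IP-in-IP encapsulation
	IP_TCP  = 6  // TCP
	IP_UDP  = 17 // UDP
)

// Magic numbers found in the first four bytes of a capture file.
// Port from sf-pcap.c file.
//
// NOTE(review): per libpcap's sf-pcap.c the non-standard magics mark vendor
// variants of the format, some with a different per-packet record layout.
// The reader is not shown here; confirm that it rejects a file whose magic
// (in either byte order) matches none of these, and that it does not parse a
// variant file with the standard record layout.
const (
	TCPDUMP_MAGIC           = 0xa1b2c3d4 // standard libpcap format
	KUZNETZOV_TCPDUMP_MAGIC = 0xa1b2cd34 // Alexey Kuznetzov's modified format
	FMESQUITA_TCPDUMP_MAGIC = 0xa1b234cd // Francisco Mesquita's modified format
	NAVTEL_TCPDUMP_MAGIC    = 0xa12b3c4d // Navtel Communications' format
	NSEC_TCPDUMP_MAGIC      = 0xa1b23c4d // standard layout, nanosecond timestamps
)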
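// DLT, these are the types that are the same on all platforms, and that
// have been defined by <net/bpf.h> for ages.
const (
	DLT_NULL    = 0  // BSD loopback encapsulation
	DLT_EN10MB  = 1  // Ethernet (10Mb)
	DLT_EN3MB   = 2  // Experimental Ethernet (3Mb)
	DLT_AX25    = 3  // Amateur Radio AX.25
	DLT_PRONET  = 4  // Proteon ProNET Token Ring
	DLT_CHAOS   = 5  // Chaos
	DLT_IEEE802 = 6  // 802.5 Token Ring
	DLT_ARCNET  = 7  // ARCNET, with BSD-style header
	DLT_SLIP    = 8  // Serial Line IP
	DLT_PPP     = 9  // Point-to-point Protocol
	DLT_FDDI    = 10 // FDDI
)

// ERRBUF_SIZE and the LINKTYPE_* link-layer header type values.
//
// A link type selects how the first bytes of every packet are interpreted,
// so each value must be unique per encapsulation: two names sharing a number
// make a frame of one kind get decoded as the other.
const (
	ERRBUF_SIZE = 256 // same value as libpcap's PCAP_ERRBUF_SIZE

	// According to pcap-linktype(7).
	LINKTYPE_NULL             = DLT_NULL
	LINKTYPE_ETHERNET         = DLT_EN10MB
	LINKTYPE_TOKEN_RING       = DLT_IEEE802
	LINKTYPE_EXP_ETHERNET     = DLT_EN3MB // 3Mb experimental Ethernet
	LINKTYPE_AX25             = DLT_AX25
	LINKTYPE_PRONET           = DLT_PRONET
	LINKTYPE_CHAOS            = DLT_CHAOS
	LINKTYPE_ARCNET_BSD       = DLT_ARCNET // BSD-style headers
	LINKTYPE_SLIP             = DLT_SLIP
	LINKTYPE_PPP              = DLT_PPP
	LINKTYPE_FDDI             = DLT_FDDI
	LINKTYPE_ARCNET           = 7 // same value as LINKTYPE_ARCNET_BSD
	LINKTYPE_ATM_RFC1483      = 100
	LINKTYPE_RAW              = 101
	LINKTYPE_PPP_HDLC         = 50
	LINKTYPE_PPP_ETHER        = 51
	LINKTYPE_C_HDLC           = 104
	LINKTYPE_IEEE802_11       = 105
	LINKTYPE_FRELAY           = 107
	LINKTYPE_LOOP             = 108
	LINKTYPE_LINUX_SLL        = 113
	LINKTYPE_LTALK            = 114 // Apple LocalTalk; was 104, which collided with LINKTYPE_C_HDLC
	LINKTYPE_PFLOG            = 117
	LINKTYPE_PRISM_HEADER     = 119
	LINKTYPE_IP_OVER_FC       = 122
	LINKTYPE_SUNATM           = 123
	LINKTYPE_IEEE802_11_RADIO = 127
	LINKTYPE_ARCNET_LINUX     = 129
	LINKTYPE_LINUX_IRDA       = 144
	LINKTYPE_LINUX_LAPD       = 177
)

// Arphdr is an ARP packet header.
//
// NOTE(review): HwAddressSize and ProtAddressSize are length fields taken
// from the packet itself. The decoder is not shown here; confirm that it
// checks them against the remaining packet bytes before slicing out the
// four address fields.
type Arphdr struct {
	Addrtype          uint16 // hardware address type
	Protocol          uint16 // protocol address type
	HwAddressSize     uint8  // length of each hardware address, in bytes
	ProtAddressSize   uint8  // length of each protocol address, in bytes
	Operation         uint16 // ARP operation code
	SourceHwAddress   []byte
	SourceProtAddress []byte
	DestHwAddress     []byte
	DestProtAddress   []byte
}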
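// FileHeader is the parsed header of a pcap file.
// http://wiki.wireshark.org/Development/LibpcapFileFormat
//
// NOTE(review): every field comes straight from the capture file. The reader
// is not shown here; confirm that SnapLen and LinkType are validated before
// they are used to size buffers or to pick a decoder for a file from an
// untrusted source.
type FileHeader struct {
	MagicNumber  uint32 // format and byte-order marker, see the *_TCPDUMP_MAGIC constants
	VersionMajor uint16 // file format major version
	VersionMinor uint16 // file format minor version
	TimeZone     int32  // GMT to local time correction
	SigFigs      uint32 // accuracy of timestamps
	SnapLen      uint32 // maximum length of captured packets, in bytes
	// NOTE: 'Network' property has been changed to `linktype`
	// Please see pcap/pcap.h header file.
	// Network uint32
	LinkType uint32 // data link type, see LINKTYPE_*
}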
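// Ip6hdr is the header of an IPv6 packet.
type Ip6hdr struct {
	// http://www.networksorcery.com/enp/protocol/ipv6.htm
	Version      uint8  // 4 bits
	TrafficClass uint8  // 8 bits
	FlowLabel    uint32 // 20 bits
	Length       uint16 // 16 bits
	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
	HopLimit     uint8  // 8 bits
	SrcIp        []byte // 16 bytes
	DestIp       []byte // 16 bytes
}

// Iphdr is the header of an IP packet.
//
// NOTE(review): Ihl and Length are length fields taken from the packet. The
// decoder is not shown here; confirm that it rejects an Ihl below 5 and a
// header or total length that runs past the captured bytes before it slices
// the payload.
type Iphdr struct {
	Version    uint8  // 4 bits
	Ihl        uint8  // 4 bits, header length in 32-bit words
	Tos        uint8  // type of service
	Length     uint16 // total length in bytes
	Id         uint16 // identification
	Flags      uint8  // 3 bits
	FragOffset uint16 // 13 bits
	Ttl        uint8  // time to live
	Protocol   uint8  // payload protocol, see the IP_* constants
	Checksum   uint16 // header checksum
	SrcIp      []byte // presumably 4 bytes, mirroring Ip6hdr; verify against the decoder
	DestIp     []byte // presumably 4 bytes, mirroring Ip6hdr; verify against the decoder
}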
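// Packet is a single packet parsed from a pcap file.
//
// NOTE(review): Caplen and Len are two separate values, and only the field
// comment states that Caplen <= Len; the type does not enforce it. Code that
// indexes Data should bound itself by len(Data), not by Len or Caplen, since
// a truncated or malformed capture can make them disagree.
type Packet struct {
	// porting from 'pcap_pkthdr' struct
	Time   time.Time // packet send/receive time
	Caplen uint32    // bytes stored in the file (caplen <= len)
	Len    uint32    // bytes sent/received
	Data   []byte    // packet data

	Type    int // protocol type, see LINKTYPE_*
	DestMac uint64
	SrcMac  uint64

	Headers []interface{} // decoded headers, in order
	Payload []byte        // remaining non-header bytes
}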
Decode decodes the headers of a Packet.
String prints a one-line representation of the packet header. The output is suitable for use in a tcpdump program.
type Pcap struct {
// contains filtered or unexported fields
}func OpenLive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error)
OpenLive opens a device and returns a capture handle.
Openoffline
Activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.
Pcap closes a handler.
func (p *Pcap) DumpOpen(ofile *string) (dumper *PcapDumper, err error)
Inject ...
func (p *Pcap) PcapDump(dumper *PcapDumper, pkthdr_ptr *C.struct_pcap_pkthdr, buf_ptr *C.u_char)
func (p *Pcap) PcapDumpClose(dumper *PcapDumper)
func (p *Pcap) PcapDumpFlush(dumper *PcapDumper) error
Set buffer size (units in bytes) on activated handle.
If arg p is non-zero, promiscuous mode will be set on the capture handle when it is activated.
Set read timeout (milliseconds) that will be used on a capture handle when it is activated.
type PcapDumper struct {
// contains filtered or unexported fields
}type Reader struct {
Header FileHeader
// contains filtered or unexported fields
}Reader parses pcap files.
NewReader reads pcap data from an io.Reader.
Next returns the next packet or nil if no more packets can be read.
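// Tcphdr is the header of a TCP segment.
//
// NOTE(review): DataOffset is a length field taken from the packet. The
// decoder is not shown here; confirm that it rejects an offset below 5 words
// or past the captured bytes before it slices Data.
type Tcphdr struct {
	SrcPort    uint16
	DestPort   uint16
	Seq        uint32
	Ack        uint32
	DataOffset uint8  // header length in 32-bit words
	Flags      uint16 // TCP control flags
	Window     uint16
	Checksum   uint16
	Urgent     uint16
	Data       []byte // not shown here whether this holds options or payload; verify against the decoder
}

// Writer writes a pcap file.
type Writer struct {
	// contains filtered or unexported fields
}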
NewWriter creates a Writer that stores output in an io.Writer. The FileHeader is written immediately.
Writer writes a packet to the underlying writer.
| Path | Synopsis |
|---|---|
| tools/pass | |
| tools/pcaptest | |
| tools/tcpdump | |