Documentation ¶
Overview ¶
Package golibwireshark uses the libwireshark library to decode pcap files and analyse dissection data.
Example ¶
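package main

import (
	"fmt"

	"github.com/sunwxg/golibwireshark"
)

func main() {
	file := "1.pcap"    // input capture to dissect
	outfile := "o.pcap" // output capture for matching packets
	key := "ip.addr"    // dissection field to look for

	err := golibwireshark.Init(file, outfile)
	if err != nil {
		fmt.Printf("open file failed\n")
		return
	}
	// End the dissection when main returns.
	defer golibwireshark.Clean()

	var p golibwireshark.Packet

	for {
		p.GetPacket()
		// Edt is nil when there are no more packets to dissect.
		if p.Edt == nil {
			break
		}

		// Write the packet to the output file if it contains the key.
		if _, ok := p.IsKey(key); ok {
			p.WriteToFile()
		}
		// Free the packet data before fetching the next packet.
		p.FreePacket()
	}
}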
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CloseInputFile ¶
func CloseInputFile()
CloseInputFile closes the input file. Use ReOpenInputFile to open a new input file.
func CloseOutputFile ¶
func CloseOutputFile()
CloseOutputFile closes the output file. Use ReOpenOutputFile to open a new output file.
func Init ¶
Init initializes the dissection. If opening the input file or the save file fails, it returns an error. After dissection finishes, call Clean() to end the dissection.
func ReOpenInputFile ¶
ReOpenInputFile opens a new input file after CloseInputFile. If opening the file fails, it returns an error.
func ReOpenOutputFile ¶
ReOpenOutputFile opens a new output file after CloseOutputFile. If opening the file fails, it returns an error.
Types ¶
type Packet ¶
type Packet struct {
	Edt   *C.struct_epan_dissect // packet data index after dissection
	Field *C.struct__proto_node  // packet field index
}
Packet data index after dissection
func (*Packet) GetField ¶
GetField gets the field index by key. If the key exists, it returns true and Field is set to the index; otherwise it returns false and Field is nil.
func (*Packet) GetPacket ¶
func (p *Packet) GetPacket()
GetPacket gets the data index of one dissected packet. If there are no more packets to dissect, Edt is nil. After analysing the packet data, call FreePacket() to free it.
func (Packet) IsKey ¶
IsKey finds a key in the packet dissection data. If the key exists, ok=true and value is the key's value; otherwise ok=false.
func (Packet) String ¶
String produces a human-readable printout. If Field is nil, it prints the packet. If Field is not nil, it prints the Field.
func (*Packet) WriteToFile ¶
WriteToFile writes a packet to the output file. If the output file is not initialized, it returns an error.