func Example() {
	// Create a buffer to write our pcap file to.
	buf := new(bytes.Buffer)

	// Create a new pcap file.
	pw := pcap.NewWriter(buf)
	defer func() {
		if err := pw.Close(); err != nil {
			log.Fatal(err)
		}
	}()

	// Add some records to the pcap file.
	var records = []Ethernet{
		{
			DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBA, 0xBE},
			SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xCA, 0xFE},
			Type:    0x0800,
		},
		{
			DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xCA, 0xFE},
			SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBA, 0xBE},
			Type:    0x0800,
		},
		{
			DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBE, 0xEF},
			SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xDE, 0xAD},
			Type:    0x0800,
		},
		{
			DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xDE, 0xAD},
			SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBE, 0xEF},
			Type:    0x0800,
		},
	}
	hdr := &pcap.Header{
		LinkType: pcap.LINKTYPE_ETHERNET,
	}
	if err := pw.WriteHeader(hdr); err != nil {
		log.Fatalln(err)
	}
	for i, record := range records {
		rhdr := &pcap.RecordHeader{
			TsSec:  uint32(i),
			TsUsec: 0,
			CapLen: uint32(14),
			Len:    uint32(14),
		}
		if err := pw.WriteRecordHeader(rhdr); err != nil {
			log.Fatalln(err)
		}
		if err := binary.Write(pw, binary.BigEndian, record); err != nil {
			log.Fatalln(err)
		}
	}
	// Make sure to check the error on Close.
	if err := pw.Close(); err != nil {
		log.Fatalln(err)
	}

	// Open the pcap file for reading.
	r := bytes.NewReader(buf.Bytes())
	pr, err := pcap.NewReader(r)
	if err != nil {
		log.Fatalln(err)
	}

	// Iterate through the files in the pcap file.
	for {
		hdr, err := pr.Next()
		if err == io.EOF {
			// end of pcap file
			break
		}
		if err != nil {
			log.Fatalln(err)
		}
		eth := &Ethernet{}
		if err = binary.Read(pr, binary.BigEndian, eth); err != nil {
			log.Fatalln(err)
		}
		fmt.Printf("%d.%.6d %d %x -> %x %x\n", hdr.TsSec, hdr.TsUsec, hdr.Len, eth.SrcAddr, eth.DstAddr, eth.Type)
	}

	// Output:
	// 0.000000 14 00505600cafe -> 00505600babe 800
	// 1.000000 14 00505600babe -> 00505600cafe 800
	// 2.000000 14 00505600dead -> 00505600beef 800
	// 3.000000 14 00505600beef -> 00505600dead 800
}
Beispiel #2
0
func main() {
	flag.Parse()
	args := flag.Args()
	if flag.NArg() != 1 {
		usage()
	}

	f, err := os.Open(args[0])
	if err != nil {
		log.Fatal(err)
	}
	defer func() {
		if err := f.Close(); err != nil {
			log.Fatal(err)
		}
	}()

	var totRecs int

	pr, err := pcap.NewReader(f)
	if err != nil {
		log.Fatal(err)
	}

	if *verbose {
		fmt.Println("Header")
		fmt.Printf("Magic 0x%.8x\n", pr.Header.Magic)
		fmt.Println("VersionMajor", pr.Header.VersionMajor)
		fmt.Println("VersionMinor", pr.Header.VersionMinor)
		fmt.Println("ThisZone", pr.Header.ThisZone)
		fmt.Println("SigFigs", pr.Header.SigFigs)
		fmt.Println("SnapLen", pr.Header.SnapLen)
		fmt.Println("LinkType", pr.Header.LinkType)
	}

	for {

		record, err := pr.Next()
		if err != nil {
			if err == io.EOF {
				break
			}
			log.Fatal(err)
		}
		totRecs++

		if *verbose {
			// https://wiki.wireshark.org/Development/LibpcapFileFormat
			fmt.Printf("PacketRecordHeader(%T):\tTsSecond=%v\tTsMicrosecond=%v\tCapLen=%v\tLen=%v\n", record, record.TsSec, record.TsUsec, record.CapLen, record.Len)
		}

		var ip []byte
		ip = make([]byte, 4)
		if err = binary.Read(pr, binary.BigEndian, &ip); err != nil {
			log.Fatalln(err)
		}
		// fmt.Printf("ip=%T=%#v=%#v\n", ip, ip, string(ip[:]))
		nip := net.IP(ip).String()
		fmt.Printf("nip=%T=%#v\n", nip, nip)
		ip4, ip6, ips := isIP(nip)
		fmt.Printf("ip4=%v ip6=%v ips=%v\n", ip4, ip6, ips)

		// eth := &Ethernet{}
		// if err = binary.Read(pr, binary.BigEndian, eth); err != nil {
		// 	log.Fatalln(err)
		// }
		// _, _, ips := isIP(net.IP(eth.SrcAddr).String())
		// fmt.Printf("%d.%.6d %d %v -> %x %x\n", record.TsSec, record.TsUsec, record.Len, ips, eth.DstAddr, eth.Type)

		// buf, err := ioutil.ReadAll(pr)
		// if err != nil {
		// 	log.Fatal(err)
		// }
		// if *verbose {
		// 	fmt.Println()
		// 	fmt.Println("Payload")
		// 	fmt.Println(buf)
		// }

	} // for
	fmt.Printf("Records=%v\n", totRecs)

}
Beispiel #3
0
func main() {
	flag.Parse()
	args := flag.Args()

	if flag.NArg() != 2 {
		usage()
	}

	in, err := os.Open(args[0])
	if err != nil {
		log.Fatal(err)
	}
	defer func() {
		if err := in.Close(); err != nil {
			log.Fatal(err)
		}
	}()

	pr, err := pcap.NewReader(in)
	if err != nil {
		log.Fatal(err)
	}

	if *verbose {
		fmt.Println("Header")
		fmt.Printf("Magic 0x%.8x\n", pr.Header.Magic)
		fmt.Println("VersionMajor", pr.Header.VersionMajor)
		fmt.Println("VersionMinor", pr.Header.VersionMinor)
		fmt.Println("ThisZone", pr.Header.ThisZone)
		fmt.Println("SigFigs", pr.Header.SigFigs)
		fmt.Println("SnapLen", pr.Header.SnapLen)
		fmt.Println("LinkType", pr.Header.LinkType)
	}

	out, err := os.Create(args[1])
	if err != nil {
		log.Fatal(err)
	}
	defer func() {
		if err := out.Close(); err != nil {
			log.Fatal(err)
		}
	}()

	pw := pcap.NewWriter(out)
	defer func() {
		if err := pw.Close(); err != nil {
			log.Fatal(err)
		}
	}()

	if err := pw.WriteHeader(&pr.Header); err != nil {
		log.Fatal(err)
	}

	for {
		record, err := pr.Next()
		if err != nil {
			if err == io.EOF {
				break
			}
			log.Fatal(err)
		}

		if *verbose {
			fmt.Println()
			fmt.Println("RecordHeader")
			fmt.Println("TsSec", record.TsSec)
			fmt.Println("TsUsec", record.TsUsec)
			fmt.Println("CapLen", record.CapLen)
			fmt.Println("Len", record.Len)
		}

		buf, err := ioutil.ReadAll(pr)
		if err != nil {
			log.Fatal(err)
		}
		if err := pw.WriteRecordHeader(record); err != nil {
			log.Fatal(err)
		}
		if _, err = pw.Write(buf); err != nil {
			log.Fatal(err)
		}
	}
}