func Example() {
// Create a buffer to write our pcap file to.
buf := new(bytes.Buffer)
// Create a new pcap file.
pw := pcap.NewWriter(buf)
defer func() {
if err := pw.Close(); err != nil {
log.Fatal(err)
}
}()
// Add some records to the pcap file.
var records = []Ethernet{
{
DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBA, 0xBE},
SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xCA, 0xFE},
Type: 0x0800,
},
{
DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xCA, 0xFE},
SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBA, 0xBE},
Type: 0x0800,
},
{
DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBE, 0xEF},
SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xDE, 0xAD},
Type: 0x0800,
},
{
DstAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xDE, 0xAD},
SrcAddr: [6]byte{0x00, 0x50, 0x56, 0x00, 0xBE, 0xEF},
Type: 0x0800,
},
}
hdr := &pcap.Header{
LinkType: pcap.LINKTYPE_ETHERNET,
}
if err := pw.WriteHeader(hdr); err != nil {
log.Fatalln(err)
}
for i, record := range records {
rhdr := &pcap.RecordHeader{
TsSec: uint32(i),
TsUsec: 0,
CapLen: uint32(14),
Len: uint32(14),
}
if err := pw.WriteRecordHeader(rhdr); err != nil {
log.Fatalln(err)
}
if err := binary.Write(pw, binary.BigEndian, record); err != nil {
log.Fatalln(err)
}
}
// Make sure to check the error on Close.
if err := pw.Close(); err != nil {
log.Fatalln(err)
}
// Open the pcap file for reading.
r := bytes.NewReader(buf.Bytes())
pr, err := pcap.NewReader(r)
if err != nil {
log.Fatalln(err)
}
// Iterate through the files in the pcap file.
for {
hdr, err := pr.Next()
if err == io.EOF {
// end of pcap file
break
}
if err != nil {
log.Fatalln(err)
}
eth := &Ethernet{}
if err = binary.Read(pr, binary.BigEndian, eth); err != nil {
log.Fatalln(err)
}
fmt.Printf("%d.%.6d %d %x -> %x %x\n", hdr.TsSec, hdr.TsUsec, hdr.Len, eth.SrcAddr, eth.DstAddr, eth.Type)
}
// Output:
// 0.000000 14 00505600cafe -> 00505600babe 800
// 1.000000 14 00505600babe -> 00505600cafe 800
// 2.000000 14 00505600dead -> 00505600beef 800
// 3.000000 14 00505600beef -> 00505600dead 800
}
func main() {
flag.Parse()
args := flag.Args()
if flag.NArg() != 1 {
usage()
}
f, err := os.Open(args[0])
if err != nil {
log.Fatal(err)
}
defer func() {
if err := f.Close(); err != nil {
log.Fatal(err)
}
}()
var totRecs int
pr, err := pcap.NewReader(f)
if err != nil {
log.Fatal(err)
}
if *verbose {
fmt.Println("Header")
fmt.Printf("Magic 0x%.8x\n", pr.Header.Magic)
fmt.Println("VersionMajor", pr.Header.VersionMajor)
fmt.Println("VersionMinor", pr.Header.VersionMinor)
fmt.Println("ThisZone", pr.Header.ThisZone)
fmt.Println("SigFigs", pr.Header.SigFigs)
fmt.Println("SnapLen", pr.Header.SnapLen)
fmt.Println("LinkType", pr.Header.LinkType)
}
for {
record, err := pr.Next()
if err != nil {
if err == io.EOF {
break
}
log.Fatal(err)
}
totRecs++
if *verbose {
// https://wiki.wireshark.org/Development/LibpcapFileFormat
fmt.Printf("PacketRecordHeader(%T):\tTsSecond=%v\tTsMicrosecond=%v\tCapLen=%v\tLen=%v\n", record, record.TsSec, record.TsUsec, record.CapLen, record.Len)
}
var ip []byte
ip = make([]byte, 4)
if err = binary.Read(pr, binary.BigEndian, &ip); err != nil {
log.Fatalln(err)
}
// fmt.Printf("ip=%T=%#v=%#v\n", ip, ip, string(ip[:]))
nip := net.IP(ip).String()
fmt.Printf("nip=%T=%#v\n", nip, nip)
ip4, ip6, ips := isIP(nip)
fmt.Printf("ip4=%v ip6=%v ips=%v\n", ip4, ip6, ips)
// eth := &Ethernet{}
// if err = binary.Read(pr, binary.BigEndian, eth); err != nil {
// log.Fatalln(err)
// }
// _, _, ips := isIP(net.IP(eth.SrcAddr).String())
// fmt.Printf("%d.%.6d %d %v -> %x %x\n", record.TsSec, record.TsUsec, record.Len, ips, eth.DstAddr, eth.Type)
// buf, err := ioutil.ReadAll(pr)
// if err != nil {
// log.Fatal(err)
// }
// if *verbose {
// fmt.Println()
// fmt.Println("Payload")
// fmt.Println(buf)
// }
} // for
fmt.Printf("Records=%v\n", totRecs)
}
func main() {
flag.Parse()
args := flag.Args()
if flag.NArg() != 2 {
usage()
}
in, err := os.Open(args[0])
if err != nil {
log.Fatal(err)
}
defer func() {
if err := in.Close(); err != nil {
log.Fatal(err)
}
}()
pr, err := pcap.NewReader(in)
if err != nil {
log.Fatal(err)
}
if *verbose {
fmt.Println("Header")
fmt.Printf("Magic 0x%.8x\n", pr.Header.Magic)
fmt.Println("VersionMajor", pr.Header.VersionMajor)
fmt.Println("VersionMinor", pr.Header.VersionMinor)
fmt.Println("ThisZone", pr.Header.ThisZone)
fmt.Println("SigFigs", pr.Header.SigFigs)
fmt.Println("SnapLen", pr.Header.SnapLen)
fmt.Println("LinkType", pr.Header.LinkType)
}
out, err := os.Create(args[1])
if err != nil {
log.Fatal(err)
}
defer func() {
if err := out.Close(); err != nil {
log.Fatal(err)
}
}()
pw := pcap.NewWriter(out)
defer func() {
if err := pw.Close(); err != nil {
log.Fatal(err)
}
}()
if err := pw.WriteHeader(&pr.Header); err != nil {
log.Fatal(err)
}
for {
record, err := pr.Next()
if err != nil {
if err == io.EOF {
break
}
log.Fatal(err)
}
if *verbose {
fmt.Println()
fmt.Println("RecordHeader")
fmt.Println("TsSec", record.TsSec)
fmt.Println("TsUsec", record.TsUsec)
fmt.Println("CapLen", record.CapLen)
fmt.Println("Len", record.Len)
}
buf, err := ioutil.ReadAll(pr)
if err != nil {
log.Fatal(err)
}
if err := pw.WriteRecordHeader(record); err != nil {
log.Fatal(err)
}
if _, err = pw.Write(buf); err != nil {
log.Fatal(err)
}
}
}