コード例 #1
0
ファイル: decode_test.go プロジェクト: jcantrill/geard
func testSerialization(t *testing.T, p gopacket.Packet, data []byte) {
	// Test re-serialization.
	slayers := []gopacket.SerializableLayer{}
	for _, l := range p.Layers() {
		slayers = append(slayers, l.(gopacket.SerializableLayer))
		if h, ok := l.(canSetNetLayer); ok {
			if err := h.SetNetworkLayerForChecksum(p.NetworkLayer()); err != nil {
				t.Fatal("can't set network layer:", err)
			}
		}
	}
	for _, opts := range []gopacket.SerializeOptions{
		gopacket.SerializeOptions{},
		gopacket.SerializeOptions{FixLengths: true},
		gopacket.SerializeOptions{ComputeChecksums: true},
		gopacket.SerializeOptions{FixLengths: true, ComputeChecksums: true},
	} {
		buf := gopacket.NewSerializeBuffer()
		err := gopacket.SerializeLayers(buf, opts, slayers...)
		if err != nil {
			t.Errorf("unable to reserialize layers with opts %#v: %v", opts, err)
		} else if !bytes.Equal(buf.Bytes(), data) {
			t.Errorf("serialization failure with opts %#v:\n---want---\n%v\n---got---\n%v\nBASH-colorized diff, want->got:\n%v", opts, hex.Dump(data), hex.Dump(buf.Bytes()), diffString(data, buf.Bytes()))
		}
	}
}
コード例 #2
0
ファイル: arpscan.go プロジェクト: dazer-chen/gopacket
// readARP watches a handle for incoming ARP responses we might care about, and prints them.
//
// readARP loops until 'stop' is closed.
func readARP(handle *pcap.Handle, iface *net.Interface, stop chan struct{}) {
	src := gopacket.NewPacketSource(handle, layers.LayerTypeEthernet)
	in := src.Packets()
	for {
		var packet gopacket.Packet
		select {
		case <-stop:
			return
		case packet = <-in:
			arpLayer := packet.Layer(layers.LayerTypeARP)
			if arpLayer == nil {
				continue
			}
			arp := arpLayer.(*layers.ARP)
			if arp.Operation != layers.ARPReply || bytes.Equal([]byte(iface.HardwareAddr), arp.SourceHwAddress) {
				// This is a packet I sent.
				continue
			}
			// Note:  we might get some packets here that aren't responses to ones we've sent,
			// if for example someone else sends US an ARP request.  Doesn't much matter, though...
			// all information is good information :)
			log.Printf("IP %v is at %v", net.IP(arp.SourceProtAddress), net.HardwareAddr(arp.SourceHwAddress))
		}
	}
}
コード例 #3
0
ファイル: base_test.go プロジェクト: dazer-chen/gopacket
func checkLayers(p gopacket.Packet, want []gopacket.LayerType, t *testing.T) {
	layers := p.Layers()
	t.Log("Checking packet layers, want", want)
	for _, l := range layers {
		t.Logf("  Got layer %v, %d bytes, payload of %d bytes", l.LayerType(),
			len(l.LayerContents()), len(l.LayerPayload()))
	}
	t.Log(p)
	if len(layers) != len(want) {
		t.Errorf("  Number of layers mismatch: got %d want %d", len(layers),
			len(want))
		return
	}
	for i, l := range layers {
		if l.LayerType() != want[i] {
			t.Errorf("  Layer %d mismatch: got %v want %v", i, l.LayerType(),
				want[i])
		}
	}
}
コード例 #4
0
ファイル: deauth.go プロジェクト: WoLfh0UnD/deauthdemo
func handlePacket(p gopacket.Packet) {
	ap := AP{}
	// extract beacon
	// extract Ssid
	for _, l := range p.Layers() {
		switch l.LayerType() {
		case layers.LayerTypeDot11MgmtBeacon:
			beacon, ok := p.Layer(layers.LayerTypeDot11MgmtBeacon).(*layers.Dot11MgmtBeacon)
			if !ok {
				log.Println("Could not marshal layer thing")
				continue
			}
			pack := gopacket.NewPacket(beacon.LayerContents(), layers.LayerTypeDot11MgmtBeacon, gopacket.Default)
			for _, subpack := range pack.Layers() {
				info, ok := subpack.(*layers.Dot11InformationElement)
				if !ok {
					continue
				}
				if info.ID == layers.Dot11InformationElementIDSSID {
					ap.Ssid = fmt.Sprintf("%s", info.Info)
					break
				}
			}
		case layers.LayerTypeDot11:
			base, ok := p.Layer(layers.LayerTypeDot11).(*layers.Dot11)
			if !ok {
				continue
			}
			ap.Bssid = base.Address2
			continue
		case layers.LayerTypeRadioTap:
			radio, ok := p.Layer(layers.LayerTypeRadioTap).(*layers.RadioTap)
			if !ok {
				continue
			}
			ap.Channel = radio.ChannelFrequency
			continue

		}
	}
	APList[ap.Ssid] = ap
}
コード例 #5
0
func handlePacket(packet gopacket.Packet, counter chan *PacketCount) {
	appLayer := packet.ApplicationLayer()
	if appLayer == nil {
		return
	}

	if networkLayer := packet.NetworkLayer(); networkLayer != nil {
		srcIP := networkLayer.NetworkFlow().Src().String()
		dstIP := networkLayer.NetworkFlow().Dst().String()

		meta := packet.Metadata()
		counter <- &PacketCount{
			src:  srcIP,
			dst:  dstIP,
			size: uint64(meta.Length),
		}
	}
}
コード例 #6
0
ファイル: GPCapture.go プロジェクト: kelixin/goProbe
// Packet information digestion ------------------------------------------------------
// function that takes the raw packet and creates a GPPacket structure from it. Initial
//  sanity checking has been performed in the function above, so we can now check whether
// the packet can be decoded directly
func (g *GPCapture) handlePacket(curPack gopacket.Packet) (*GPPacket, error) {

    // process metadata
    var numBytes uint16 = uint16(curPack.Metadata().CaptureInfo.Length)

    // read the direction from which the packet entered the interface
    isInboundTraffic := false
    if curPack.Metadata().CaptureInfo.Inbound == 1 {
        isInboundTraffic = true
    }

    // initialize vars (GO ensures that all variables are initialized with their
    // respective zero element)
    var (
        src, dst      []byte = zeroip, zeroip
        sp, dp        []byte = zeroport, zeroport

        // the default value is reserved by IANA and thus will never occur unless
        // the protocol could not be correctly identified 
        proto         byte   = 0xff
        fragBits      byte   = 0x00
        fragOffset    uint16
        TCPflags      uint8
        l7payload     []byte = zeropayload
        l7payloadSize uint16

        // size helper vars
        nlHeaderSize uint16
        tpHeaderSize uint16
    )

    // decode rest of packet
    if curPack.NetworkLayer() != nil {

	    nw_l := curPack.NetworkLayer().LayerContents()
        nlHeaderSize = uint16(len(nw_l))

        // exit if layer is available but the bytes aren't captured by the layer
        // contents
        if nlHeaderSize == 0 {
            return nil, errors.New("Network layer header not available")
        }

        // get ip info
        ipsrc, ipdst := curPack.NetworkLayer().NetworkFlow().Endpoints()

        src = ipsrc.Raw()
        dst = ipdst.Raw()

        // read out the next layer protocol
        switch curPack.NetworkLayer().LayerType() {
        case layers.LayerTypeIPv4:

            proto = nw_l[9]

	        // check for IP fragmentation
	        fragBits   = (0xe0 & nw_l[6]) >> 5
	        fragOffset = (uint16(0x1f & nw_l[6]) << 8) | uint16(nw_l[7])

	        // return decoding error if the packet carries anything other than the
	        // first fragment, i.e. if the packet lacks a transport layer header
	        if fragOffset != 0 {
                return nil, errors.New("Fragmented IP packet: offset: "+strconv.FormatUint(uint64(fragOffset), 10)+" flags: "+strconv.FormatUint(uint64(fragBits), 10))
	        }

        case layers.LayerTypeIPv6:
             proto = nw_l[6]
        }

        if curPack.TransportLayer() != nil {

            // get layer contents
            tp_l := curPack.TransportLayer().LayerContents()
            tpHeaderSize = uint16(len(tp_l))

            if tpHeaderSize == 0  {
                return nil, errors.New("Transport layer header not available")
            }

            // get port bytes
            psrc, dsrc := curPack.TransportLayer().TransportFlow().Endpoints()

            // only get raw bytes if we actually have TCP or UDP
            if proto == 6 || proto == 17 {
                sp = psrc.Raw()
                dp = dsrc.Raw()
            }

            // if the protocol is TCP, grab the flag information
            if proto == 6 {
                if tpHeaderSize < 14  {
                    return nil, errors.New("Incomplete TCP header: "+string(tp_l))
                }

                TCPflags = tp_l[13] // we are primarily interested in SYN, ACK and FIN
            }

            // grab the next layer payload's first 4 bytes and calculate
            // the layer 7 payload size if the application layer could
            // be correctly decoded
            if curPack.ApplicationLayer() != nil {
                pl := curPack.ApplicationLayer().Payload()
                lenPayload := len(pl)

                if lenPayload >= 4 {
                    l7payload = pl[0:4]
                } else {
                    for i := 0; i < lenPayload; i++ {
                        l7payload[i] = pl[i]
                    }
                }

            }
            l7payloadSize = numBytes - tpHeaderSize - nlHeaderSize
        }
    } else {
        return nil, errors.New("network layer decoding failed")
    }

    return NewGPPacket(src, dst, sp, dp, l7payload, l7payloadSize, proto, numBytes, TCPflags, isInboundTraffic), nil
}
コード例 #7
0
func originalSize(packet gopacket.Packet) int {
	return len(packet.NetworkLayer().LayerPayload()) + len(packet.NetworkLayer().LayerContents())
}
コード例 #8
0
//Returns both the source & destination IP.
func getSrcDstIP(packet gopacket.Packet) (net.IP, net.IP) {
	ipLayer := packet.Layer(layers.LayerTypeIPv4)
	// Get IP data from this layer
	ip, _ := ipLayer.(*layers.IPv4)
	return ip.SrcIP, ip.DstIP
}