예제 #1
0
func main() {
	// Open output pcap file and write header
	dumpFile, _ := os.Create(dumpFilename)
	packetWriter := pcapgo.NewWriter(dumpFile)
	packetWriter.WriteFileHeader(65535, layers.LinkTypeEthernet)
	defer dumpFile.Close()

	// Open device for capturing
	handle, err = pcap.OpenLive(deviceName, snapshotLen, promiscuous, timeout)
	if err != nil {
		log.Fatal("Error opening device %s: %v", deviceName, err)
	}
	defer handle.Close()
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())

	// Start processing packets
	for packet := range packetSource.Packets() {
		fmt.Println(packet)
		packetWriter.WritePacket(packet.Metadata().CaptureInfo, packet.Data())
		packetCount++

		// Only capture 100 packets
		if packetCount > 100 {
			break
		}
	}
}
예제 #2
0
func (p *PcapLogger) Start() {
	if p.fileWriter == nil {
		p.basename = filepath.Join(p.LogDir, fmt.Sprintf("%s.pcap", p.Flow))
		p.fileWriter = NewRotatingQuotaWriter(p.basename, p.pcapQuota, p.pcapLogNum, p.WriteHeader)
		p.writer = pcapgo.NewWriter(p.fileWriter)
	}
	go p.logPackets()
}
예제 #3
0
파일: ng.go 프로젝트: 4lyingli0n/netgraph
func runNGNet(packetSource *gopacket.PacketSource) {
	streamFactory := ngnet.NewHttpStreamFactory(eventChan)
	pool := tcpassembly.NewStreamPool(streamFactory)
	assembler := tcpassembly.NewAssembler(pool)

	var pcapWriter *pcapgo.Writer
	if *outputPcap != "" {
		outPcapFile, err := os.Create(*outputPcap)
		if err != nil {
			log.Fatalln(err)
		}
		defer outPcapFile.Close()
		pcapWriter = pcapgo.NewWriter(outPcapFile)
		pcapWriter.WriteFileHeader(65536, layers.LinkTypeEthernet)
	}

	var count int = 0
	for packet := range packetSource.Packets() {
		count++
		net_layer := packet.NetworkLayer()
		if net_layer == nil {
			continue
		}
		trans_layer := packet.TransportLayer()
		if trans_layer == nil {
			continue
		}
		tcp, _ := trans_layer.(*layers.TCP)
		if tcp == nil {
			continue
		}

		if pcapWriter != nil {
			pcapWriter.WritePacket(packet.Metadata().CaptureInfo, packet.Data())
		}

		assembler.AssembleWithTimestamp(
			net_layer.NetworkFlow(),
			tcp,
			packet.Metadata().CaptureInfo.Timestamp)
	}

	assembler.FlushAll()
	streamFactory.Wait()
	log.Println("Packet count: ", count)
}
예제 #4
0
파일: writer.go 프로젝트: hb9cwp/sniffer
// Open and create a pcap output file
func openPcap(config *Config) error {
	if config.pcapOut != "" {
		f, err := os.Create(config.pcapOut)
		w := pcapgo.NewWriter(f)

		// Write the PCAP global header
		w.WriteFileHeader(65536, layers.LinkTypeEthernet)

		// Store the file/writer handles
		config.pcapFile = f
		config.pcapWriter = w
		log.Printf("Logging packets to %s", config.pcapOut)

		return err
	}

	return nil
}
예제 #5
0
파일: pcapsplit.go 프로젝트: ikravets/ev
func (s *Splitter) SplitByOptions(confs map[packet.OptionId]SplitByOptionsConfig) (err error) {
	defer errs.PassE(&err)
	inHandle, err := pcap.OpenOffline(s.inputFileName)
	errs.CheckE(err)
	defer inHandle.Close()

	type state struct {
		SplitByOptionsConfig
		w             *pcapgo.Writer
		lastPacketNum *int
	}
	states := make(map[packet.OptionId]*state)

	for oid, conf := range confs {
		state := state{
			SplitByOptionsConfig: conf,
			w:                    pcapgo.NewWriter(conf.Writer),
			lastPacketNum:        conf.LastPacketNum,
		}
		if state.lastPacketNum == nil {
			state.lastPacketNum = new(int)
		}
		if !conf.AppendOnly {
			errs.CheckE(state.w.WriteFileHeader(65536, layers.LinkTypeEthernet))
		}
		states[oid] = &state
	}

	for i, poids := range s.allPacketOids[1:] {
		data, ci, err := inHandle.ZeroCopyReadPacketData()
		errs.CheckE(err)
		for _, poid := range poids {
			if state := states[poid]; state != nil && *state.lastPacketNum < i {
				errs.CheckE(state.w.WritePacket(ci, data))
				*state.lastPacketNum = i
			}
		}
	}
	return nil
}
예제 #6
0
파일: base.go 프로젝트: nizq/stenographer
// PacketsToFile writes all packets from 'in' to 'out', writing out all packets
// in a valid PCAP file format.
func PacketsToFile(in *PacketChan, out io.Writer) error {
	w := pcapgo.NewWriter(out)
	w.WriteFileHeader(snapLen, layers.LinkTypeEthernet)
	count := 0
	defer in.Discard()
	defer func() {
		V(1, "wrote %d packets of %d input packets", count, len(in.C))
	}()
	for p := range in.Receive() {
		if len(p.Data) > snapLen {
			p.Data = p.Data[:snapLen]
		}
		if err := w.WritePacket(p.CaptureInfo, p.Data); err != nil {
			// This can happen if our pipe is broken, and we don't want to blow stack
			// traces all over our users when that happens, so Error/Exit instead of
			// Fatal.
			return fmt.Errorf("error writing packet: %v", err)
		}
		count++
	}
	return in.Err()
}
예제 #7
0
func main() {
	var FilePathInput string
	var FilePathOutput string
	flag.StringVar(&FilePathInput, "in", "", "the path of PCAP file")
	flag.StringVar(&FilePathOutput, "out", "", "the output file")
	flag.Parse() // in mind if we need to do search in file.
	if FilePathInput == "" || FilePathOutput == "" {
		fmt.Print("lack of parameters!")
		return
	}
	handle, err := pcap.OpenOffline(FilePathInput)
	if err != nil {
		panic(err)
	}
	defer handle.Close()
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	//need to add tcp assemble and udp defrag here.
	Output, err := os.Create(FilePathOutput)
	w := pcapgo.NewWriter(Output)
	w.WriteFileHeader(65536, layers.LinkTypeRaw)
	defer Output.Close()
	// need add function call here
	tcpPack := make(chan gopacket.Packet, 5) // maybe need change buffersize for chan
	nomalPack := make(chan gopacket.Packet, 5)
	fragV4Pack := make(chan gopacket.Packet, 5)
	fragV6Pack := make(chan gopacket.Packet, 5)
	endNotification := make(chan bool)
	go readSource(packetSource, tcpPack, nomalPack, fragV4Pack, fragV6Pack, endNotification)
	go v6Defrag(fragV6Pack, nomalPack)
	go v4Defrag(fragV4Pack, nomalPack)
	go pcapWrite(w, nomalPack)
	streamFactory := &DNSStreamFactory{normal: nomalPack}
	streamPool := tcpassembly.NewStreamPool(streamFactory)
	assembler := tcpassembly.NewAssembler(streamPool)
	go tcpAssemble(tcpPack, assembler)

	// wait for the reading to finish
	<-endNotification
}
예제 #8
0
파일: memh2pcap.go 프로젝트: ikravets/ev
func (m *memh2pcap) Open(w io.Writer) (err error) {
	defer errs.PassE(&err)
	m.pw = pcapgo.NewWriter(w)
	errs.CheckE(m.pw.WriteFileHeader(65536, layers.LinkTypeEthernet))

	eth := &layers.Ethernet{
		SrcMAC:       net.HardwareAddr([]byte{0, 22, 33, 44, 55, 66}),
		DstMAC:       net.HardwareAddr([]byte{11, 22, 33, 44, 55, 77}),
		EthernetType: layers.EthernetType(0x800),
	}
	ip := &layers.IPv4{
		Version:  4,
		SrcIP:    net.IP{1, 2, 3, 4},
		DstIP:    net.IP{233, 54, 12, 1},
		TTL:      1,
		Protocol: layers.IPProtocolUDP,
	}
	udp := &layers.UDP{
		SrcPort: 1,
		DstPort: 18001,
	}
	errs.CheckE(udp.SetNetworkLayerForChecksum(ip))
	mold := &nasdaq.MoldUDP64{
		Session:        "TestSess00",
		SequenceNumber: 0,
		MessageCount:   1,
	}
	moldMb := &nasdaq.MoldUDP64MessageBlockChained{}

	m.mold = mold
	m.layers = append([]gopacket.SerializableLayer{}, moldMb, mold, udp, ip, eth)

	m.sb = gopacket.NewSerializeBuffer()
	m.so = gopacket.SerializeOptions{
		FixLengths:       true,
		ComputeChecksums: true,
	}
	return
}
예제 #9
0
파일: pcap.go 프로젝트: regit/evebox
// Create a 1 packet PCAP buffer.
//
// Give a timestamp, a packet and a linktype return a []byte buffer
// containing a complete PCAP file.
func CreatePcap(timestamp time.Time, packet []byte, linktype layers.LinkType) ([]byte, error) {
	var output bytes.Buffer
	var err error

	pcapWriter := pcapgo.NewWriter(&output)
	err = pcapWriter.WriteFileHeader(0xffff, linktype)
	if err != nil {
		return nil, err
	}

	captureInfo := gopacket.CaptureInfo{
		Timestamp:     timestamp,
		CaptureLength: len(packet),
		Length:        len(packet),
	}

	err = pcapWriter.WritePacket(captureInfo, packet)
	if err != nil {
		return nil, err
	}

	return output.Bytes(), nil
}
예제 #10
0
func TestPCAPGoWrite(t *testing.T) {
	f, err := ioutil.TempFile("", "pcapgo")
	if err != nil {
		t.Fatal(err)
	}
	data := []byte{0xab, 0xcd, 0xef, 0x01, 0x02, 0x03, 0x04}
	ci := gopacket.CaptureInfo{
		Timestamp:     time.Unix(12345667, 1234567000),
		Length:        700,
		CaptureLength: len(data),
	}
	func() {
		defer f.Close()
		w := pcapgo.NewWriter(f)
		if err := w.WriteFileHeader(65536, layers.LinkTypeEthernet); err != nil {
			t.Fatal(err)
		}
		if err := w.WritePacket(ci, data); err != nil {
			t.Fatal(err)
		}
	}()
	h, err := OpenOffline(f.Name())
	if err != nil {
		t.Fatal(err)
	}
	defer h.Close()
	gotData, gotCI, err := h.ReadPacketData()
	if err != nil {
		t.Fatal("could not read first packet:", err)
	}
	if !bytes.Equal(gotData, data) {
		t.Errorf("byte mismatch:\nwant: %v\n got: %v", data, gotData)
	}
	if !reflect.DeepEqual(ci, gotCI) {
		t.Errorf("CI mismatch:\nwant: %v\n got: %v", ci, gotCI)
	}
}
예제 #11
0
//DumpPackets attaches a gopcap writer to a file for dumping packets coming from the
//snifer to a file and calls a function that is supplied when done(i.e frozen or drop)
func (b *BaseController) DumpPackets(fx func(string)) error {
	if b.State() != RunningState {
		return ErrBadController
	}

	dir := fmt.Sprintf("./%s/%s", b.Profile().DataFolder, "packets")

	err := os.MkdirAll(dir, 0666)

	if err != nil && !os.IsExist(err) {
		checkError(err, fmt.Sprintf("Creating dir %s for %s", dir, b.Name()))
	}

	fname := path.Clean(fmt.Sprintf("%s/%s.%d.pcap", dir, b.Name(), rand.Intn(3234)*20))
	dum, err := os.Create(fname)

	if err != nil {
		checkError(err, fmt.Sprintf("Creating file %s for %s", fname, b.Name()))
		return err
	}

	lt, err := b.snifer.LinkType()

	if err != nil {
		checkError(err, fmt.Sprintf("Retrieving Snifer linkType for %s", b.Name()))
		return err
	}

	gow := pcapgo.NewWriter(dum)

	if err := gow.WriteFileHeader(65536, lt); err != nil {
		checkError(err, fmt.Sprintf("Writing pcap Headers %s", b.Name()))
		return err
	}

	sub := b.Snifer().Listen(func(packet gopacket.Packet, _ flux.Stacks) {
		data := packet.Data()
		err := gow.WritePacket(gopacket.CaptureInfo{
			Timestamp:     time.Now(),
			CaptureLength: len(data),
			Length:        len(data),
		}, data)
		checkError(err, fmt.Sprintf("Dumping Packet Data to %s", fname))
	})

	end := new(sync.Once)
	ender := func() {
		defer sub.Close()
		dum.Close()
		log.Printf("Closing gopacket Writer and File for %s snifer on file %s", b.Name(), fname)
		if fx != nil {
			fx(fname)
		}
	}

	_ = b.OnFreezed().Stack(func(b interface{}, sz flux.Stacks) interface{} {
		defer sz.Close()
		end.Do(ender)
		return b
	}, true)

	_ = b.OnDrop().Stack(func(b interface{}, sz flux.Stacks) interface{} {
		defer sz.Close()
		end.Do(ender)
		return b
	}, true)

	return nil
}