示例#1
0
func ProduceAlertPackets(payloadPacs list.List) list.List {
	var alertPacs list.List
	for e := payloadPacs.Front(); e != nil; e = e.Next() {
		var p TLSHandshakeDecoder.TLSRecordLayer
		pl := e.Value.([]byte)
		err := TLSHandshakeDecoder.DecodeRecord(&p, pl)
		if err != nil {
			panic(err)
		} else {
			if len(p.Fragment) > 1 && p.ContentType == TLSHandshakeDecoder.TypeAlert {
				var alert Alert
				DecodeAlert(&alert, p)
				alertPacs.PushBack(alert)
			}
		}
	}
	for e := alertPacs.Front(); e != nil; e = e.Next() {
		log.Println("Alert data:", e)
	}
	return alertPacs
}
func main() {
	if handle, err := pcap.OpenOffline("test.pcap"); err != nil {
		panic(err)
	} else {
		packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
		for packet := range packetSource.Packets() {
			//spew.Dump(packet.ApplicationLayer().Payload())
			payload := packet.ApplicationLayer().Payload()
			var p TLSHandshakeDecoder.TLSRecordLayer
			// decode record layer
			err = TLSHandshakeDecoder.DecodeRecord(&p, payload)
			if err != nil {
				panic(err)
			} else {
				// decode handshake
				//spew.Dump(p)
				var ph TLSHandshakeDecoder.TLSHandshake
				err = TLSHandshakeDecoder.TLSDecodeHandshake(&ph, p.Fragment)
				if err != nil {
					panic(err)
				} else {
					// decode client hello packet
					//spew.Dump(ph)
					var pch TLSHandshakeDecoder.TLSClientHello
					err = TLSHandshakeDecoder.TLSDecodeClientHello(&pch, ph.Body)
					if err != nil {
						panic(err)
					} else {
						//fmt.Printf("%#v\n", pch)
						spew.Dump(pch)
					}
				}
			}
			//return
		}
	}
}